Cyber Crime Updates...(Prerna231 Group)

Quote of the day

2009-08-09T19:56:00.000+05:30

Quote of the day

Our real enemies are the people who make us feel so good that we are slowly, but inexorably, pulled down into the quicksand of smugness and self-satisfaction.

Sydney Harris

New IT Term of the day

2009-08-09T19:54:00.000+05:30

New IT Term of the day

darknet

Short for dark Internet, in file sharing terminology, a darknet is a Internet or private network, where information and content are shared by darknet participants anonymously. Darknets are popular with users who share copy protected files as the service will let users send and receive files anonymously — that is, users cannot be traced, tracked or personally identified. Usually, darknets are not easily accessible via regular Web browsers.

ATTACK : Attackers Took Shots at Wi-Fi Network at Black Hat

2009-08-09T19:53:00.000+05:30

ATTACK : Attackers Took Shots at Wi-Fi Network at Black Hat

by Brian Prince

August 4, 2009

It should come as no surprise that at a security conference called 'Black Hat' there would be a fair amount of shenanigans going on over the WLAN network.

According to Aruba Networks, which provided the Wi-Fi network at the conference last month in Las Vegas, attackers were up to their usual tricks. The company tracked and analyzed all attempted attacks throughout the event.

Here is what they found:

BLACKHAT 2009 STATS:

Security stats:

9 suspected rogue access points were detected.

175 attempts by a wireless user to access the Aruba mobility controller were blocked by the Aruba firewall.

23 impersonation attacks were detected.

71 non-Blackhat access points were detected.

154 denial-of-service attacks were detected.

In some ways, the numbers were an improvement from 2008; in some ways not. For example, fewer rogue access points were detected this year. On the other hand, there were 130 more denial-of-service attacks detected in 2009. Check out these numbers:

BLACKHAT 2008 STATS:

Security stats:

Each day there were between 10-15 rogue APs detected (rogue defined as an AP that was advertising the conference SSID of "BlackHat").

49 users attempted to connect to rogue APs and were blocked by RFprotect, which generated 709 shielding actions

362 attempts by a wireless user to access the Aruba mobility controller were blocked by the Aruba firewall.

221 attempts by a wireless user to ARP poison the default gateway were blocked by the Aruba firewall.

140 port scans (nmap or similar) from wireless users to other wireless users were detected and blocked by the Aruba firewall.

57 non-Blackhat APs were detected

24 denial of service attacks were detected. The average duration of each attack was 24 seconds.

The stats are a reminder that whether you are at a security conference or at a local Starbucks, it is best to keep your guard up.

CHINA : Hacker Schools Become Big Business

2009-08-09T19:51:00.001+05:30

CHINA : Hacker Schools Become Big Business

By Matthew Harwood

08/05/2009

http://www.securitymanagement.com/news/china-hacker-schools-become-big-business-006017

Long known as a prominent source of cyberattacks worldwide, China has seen the emergence of online training schools that teach students the skills necessary to either be a network defender or a cybercriminal.

These "hacker schools," as they're known, are also big business, generating $34.8 million last year, reports China Daily.

Students can enroll in online classes for as little as a few hundred yuan.

While some schools advertise themselves as training the next generation of security experts, many worry a percentage of the students will use their skills to commit various cybercrimes, such as identity theft or stealing trade secrets.

Wang Xianbing—a security consultant for a prominent online hacking school, Hackbase.com—likens the training provided by the Web site to that of the locksmith trade.

"It's like teaching lock picking," he told Beijing Today. "No one can guarantee the student will become a professional locksmith rather than a future thief."

Rather it's up to the individual and his conscience whether to use his knowledge for good or evil, Wang said. Interviewed by China Daily, he said that the company's students are explicitly told not to use their knowledge for illegal activities.

"Lots of hacker schools only teach students how to hack into unprotected computers and steal personal information," said Wang. "They then make a profit by selling users' information."

Imparting such knowledge, even with caveats, runs obvious risks. Last year alone, according to China Daily, hacking cost the Chinese economy approximately $1 billion. Globally, Symantec estimates cybercrime cost firms a total of $1 trillion in 2008, reported CNet.com in January.

But money isn't the only motivation, reports China Daily.

A 25-year-old hacker school student from Shanghai surnamed Wang, said most of his "classmates" simply enroll in hacker school for personal reasons, such as spying on relatives, showing off their computer-savvy skills or taking revenge on a rival's Websites, rather than making money.

Wang described the Catch-22 of teaching a new generation of security experts the tools of the trade: "They have to learn how to attack a Web site before they can learn how to defend it."

Also see -

http://www.radioaustralianews.net.au/stories/200908/2647252.htm?desktop

CONTROL : Malaysia considering internet filter

2009-08-09T19:48:00.001+05:30

CONTROL : Malaysia considering internet filter

Reuters

06 August 2009

http://mt.m2day.org/2008/content/view/25355/84/

MALAYSIA is considering the establishment of an Internet filter, similar to China's abandoned 'Green Dam' project, a source familiar with the process told Reuters on Thursday.

News of the proposal emerged within days of police arresting nearly 600 opposition supporters at a weekend rally denouncing a government that has ruled this Southeast Asian country for 51 years.

A vibrant Internet culture has contributed to political challenges facing the government, which tightly controls mainstream media and has used sedition laws and imprisonment without trial to prosecute a blogger.

'They (the government) are looking to tweak the technical and legal details of implementing this Internet filter, setting the stage for its implementation late this year or next year,' said the source, who declined to be identified.

No one from the government was available for comment.

Malaysia plans to double home Internet penetration to 50 per cent by the end of next year with a new broadband project.

New Information, Communication and Culture Minister Rais Yatim, whose ministry issued the tender, also plans to secure control over the content and monitoring division of Malaysia's Internet regulator, a second source said.

'The minister wants to focus more on enforcement in the coming year,' the source said.

Malaysia, with a population of 27 million, attracted foreign technology companies such as Microsoft Corp and Cisco Systems to invest and guaranteed that the government would not impose controls on the Internet.

Ms Rais said last month that wider broadband access required more regulation.

'With the good comes the bad through the broadband over the Internet,' he said. 'We will introduce certain measures to overcome the bad.'

THREAT : Cyber security threat to India is real

2009-08-09T19:44:00.000+05:30

THREAT : Cyber security threat to India is real

Vicky Nanjappa

Rediff.com

August 05, 2009

http://news.rediff.com/special/2009/aug/05/cyber-security-threat-to-india-is-real.htm

The demand for better methods to enforce cyber security has grown stronger since the November 26 attacks in Mumbai

India has a dedicated organisation, CERT-In -- which operates under the auspices of the department of communication and information technology -- to tackle cyber crimes. However, the agency is not a prosecuting body.

An officer at CERT-In told rediff.com over the telephone from New Delhi that although the agency does not have the legal power to examine cyber crimes, it can probe cases referred to the organisation.

CERT-In, which covers both government and military areas, says the threats relating to cyber security are on the rise. Common targets include critical infrastructure like telecommunication, transportation, energy and finance.

The attackers are not confined to information infrastructures and geographical boundaries. They exploit network interconnections and navigate easily through the infrastructure. More worryingly, these cyber criminals are becoming more skilled at masking their behaviour.

CERT-In consists a group of professionals headed by a director who investigate cases referred to the agency. It submits a report to the police station that has sought the agency's help following which a chargesheet is filed.

Why not a single agency?

Senior police officers say it is difficult to have a single agency looking at such cases.

If a crime is committed in a particular state, it is easier for police officers of that state to probe the case. At present, one police officer adds, no one person has complete charge of cyber security.

Although the Union government drafts all cyber laws and CERT-In assists in investigations, the final call can be taken by the cyber crime wings based in the states.

The only other national agency which can probe cyber crime cases is the Central Bureau of Investigation.

The prosecuting agency

The ministry for communication and information technology governs the system pertaining to cyber security. While the ministry is largely involved in drafting laws, the actual job on the ground is handled by the cyber-crime wings in the states.

The law is clear that a complaint pertaining to a cyber crime or threat can be assigned only to the jurisdictional cyber crime wing in each state. An inspector general of police heads each cyber crime wing; a superintendent of police, inspectors and sub inspectors report to her/him. Only this department can file a chargesheet and prosecute individuals involved in cyber criminal activity.

The inspector general of police reports to the state police chief.

An officer in the Karnataka cyber crime wing said it is often difficult to crack a case as the cell does not have enough IT professionals. In such cases, CERT-In's assistance is sought.

Experts feel the process of investigating a cyber crime is cumbersome under the present set-up. It is difficult to have a national level agency which takes a final call since Indian law clearly states that cases will be probed on a jurisdictional basis for all practical purposes.

R Srikumar, a former Karnataka police chief and chairman of the Cyber Society of India (Karnataka chapter), says that trained personnel could be inducted into cyber crime cells so that the procedure of referring the matter to another agency and then waiting for a report to proceed with the prosecution can be avoided.

Professor Chandrashekar, a forensics expert and a member of the CSI, believes dedicated teams of IT professionals should be appointed by respective state governments to work with the cyber crime wings.

Former CBI Director R Raghavan launched the first cyber society in Tamil Nadu. Professor Chandrashekar explains that the society's role is to train professionals in cracking cyber crimes.

He says the society will sign a Memorandum of Understanding with the National Law School, Bengaluru, to introduce a course in cyber security. The course will issue a certificate to certified cyber crime investigators.

Cyber crime wings in the states could then employ such certified investigators.

Although private security agencies investigate cyber crimes, the Union government has not made full use of their services as is the case in some countries.

Sources say the government may seek the skills of private agencies in select cases, but would prefer to improve official cyber crime wings since such cases often involve national security.

Quote for the Day

2009-07-26T20:47:00.000+05:30

Quote of the day

Happiness must be cultivated. It is like character. It is not a thing to be safely let alone for a moment, or it will run to weeds.

Elizabeth Stuart Phelps

(1844-1911, Writer)

New IT Term of the day

2009-07-26T20:46:00.000+05:30

New IT Term of the day

microblog

A type of blog that lets users publish short text updates. Bloggers can usually use a number of service for the updates including instant messaging, e-mail, or Twitter. The posts are called microposts, while the act of using these services to update your blog is called microblogging. Social networking sites, like Facebook, also use a microblogging feature in profiles. On Facebook this is called "Status Updates".

BEWARE : Repair Shops Hack Your Laptops

2009-07-26T20:45:00.000+05:30

BEWARE : Repair Shops Hack Your Laptops

July 22, 2009

Mark White, home affairs correspondent

http://news.sky.com/skynews/Home/UK-News/Sky-News-Undercover-Laptop-Investigation-Repair-Shops-Caught-Hacking-Into-Personal-Files/Article/200907315343387?lpos=UK_News_Top_Stories_Header_0&lid=ARTICLE_15343387_Sky_News_Undercover_Laptop_Investigation%3A_R

Some computer repair shops are illegally accessing personal data on customers' hard drives - and even trying to hack their bank accounts, a Sky News investigation has found.

In one case, passwords, log-in details and holiday photographs were all copied onto a portable memory stick by a technician.

In other shops, customers were charged for non-existent work and simple faults were misdiagnosed.

An investigator from the Trading Standards Institute said he was "shocked" by the findings.

The investigation was carried out using surveillance software loaded onto a brand-new laptop.

It operated without the user being aware that every event that took place on the computer was being logged.

All activity on the screen was captured in still images, and the identity of whoever was using the computer was recorded using the laptop's built-in camera.

Sky engineers then created a simple, easily diagnosable fault, by loosening the connection of the internal memory chip.

This prevented Windows being able to load. To get things working again, the chip would simply need to be pushed back into position.

The investigation targeted six different computer repair shops. All but one misdiagnosed or overcharged for the fault.

The most serious offender was Revival Computers in Hammersmith, West London.

Shortly after identifying the real fault, an engineer called our undercover reporter to say the computer needed a new motherboard, which would cost £130.

Tests carried out by our internal Sky engineer after the diagnosis revealed there was nothing wrong with it.

The surveillance software then recorded one technician browsing through the files on the hard-drive, including private documents and intimate holiday photos, including some of our researcher in her bikini.

As he snooped through the files, he is seen smiling and showing the pictures to another colleague.

Later on in the same shop, a second technician loads up the machine and also looks through the photos, which are inside a folder clearly marked 'private'.

He then plugs his own portable memory stick into the laptop and copies files, including passwords and photos, into a folder labelled "mamma jammas".

Inside one of the documents copied to the memory stick was a text file containing passwords for Facebook, Hotmail, eBay and a NatWest bank account.

Once the technician had discovered this information, he opened a web browser on the laptop and attempted to log into the back account for around five minutes.

The only reason he was unsuccessful was because the details were fake.

When confronted over the findings, staff at Laptop Revival said they did not want to respond to Sky News on camera.

However in a telephone conversation, they denied all knowledge of the alleged abuses.

When shown the findings, Richard Webb, an e-commerce investigator for Trading Standards said: "I'm really quite shocked, both in the range of potential problems this has revealed - people overcharging, mis-describing the faults - but also people attempting to steal personal details.

"It's a big abuse of trust. If you were expert in computers you wouldn't have to hand in your machine to be repaired. They know that.

"They know you won't be able to tell what they've done afterwards, they know you're putting your trust in them and unfortunately, as we're seeing, there are too many people willing to abuse that trust.

"What you've shown is that there is a much wider problem in the industry than we knew about.

"It suggests we need to look at the area again and we do need to test it like you have done, but with a view of taking criminal enforcement action if these problems are found and evidenced."

SPY : Did Etisalat Spied BlackBerry Customers?

2009-07-26T20:44:00.002+05:30

SPY : Did Etisalat Spied BlackBerry Customers?

BlackBerry customers revolt after spyware scandal

If your customers think that you tried to spy on them, that's not going to be good for business.

23 July 2009

http://www.sophos.com/blogs/gc/g/2009/07/23/blackberry-customers-revolt-after-spyware-scandal/

That's the message that's presumably being heard loud-and-clear by telecoms company Etisalat, which has found itself in the middle of a storm of negative headlines after it was revealed that an update it sent to BlackBerry users in the United Arab Emirates, which claimed to improve performance of the mobile device, was actually spying on them.

RIM, makers of the Blackberry smartphone beloved by businesspeople around the world, say that the spyware update sent out by Etisalat actually worsened battery life and reception, and (most worryingly) was designed to "to send received messages back to a central server."

Potentially, the patch gave Etisalat the ability to read any emails and text messages sent from their customers' BlackBerry devices.

Now, an online survey conducted by the Arabian Business website reveals that more than 50% of Etisalat's BlackBerry customers are planning to ditch the UAE telecoms provider in the wake of the spyware. It's hard not to feel sympathetic with those aggrieved customers. After all, as Erin Andrews just demonstrated, no-one likes to be watched without their knowledge.

Curiously, the offending patch appears to have been written by a US-based company called SS8, who develop electronic surveillance solutions for intelligence agencies.

Quite why Etisalat may have wanted to distribute a spyware update to monitor its customers is still unclear. So far they have declined to comment on the claims of spyware, restricting their public comment on the matter to the following statement:

Etisalat today confirmed that a conflict in the settings in some BlackBerry devices has led to a slight technical fault while upgrading the software of these devices.

This has resulted in reduced battery life in a very limited number of devices. Etisalat has received approximately 300 complaints to date, out of its total customer base which exceeds 145,000.

These upgrades were required for service enhancements particularly for issues identified related to the handover between 2G to 3G network coverage areas.

Customers who have been affected are advised to call 101 where they will be given instructions on how to restore their handset to its original state. This will resolve the issue completely.

RIM has published an update which removes the application from affected BlackBerry smartphones.

PREDATOR : Indian “Internet predator” held in U.S.

2009-07-26T20:44:00.001+05:30

PREDATOR : Indian “Internet predator” held in U.S.

PTI

24 July 2009

http://www.hindu.com/2009/07/24/stories/2009072455341300.htm

Washington: In possibly the first such case involving an Indian in the U.S., police in Pennsylvania have arrested an Indian engineer on charges of using Internet for soliciting young girls for sex.

In a statement, the Pennsylvania Attorney General Tom Corbett said Nityanand Gopalika (30), here on a work visa, allegedly used an Internet chat room to approach what he believed was a 13-year old girl from the Pittsburgh area.

The “girl” was actually an undercover agent from the Child Predator Unit. According to the criminal complaint filed by the Attorney General’s Child Predator Unit, Gopalika engaged in a series of chats over several days questioning the girl about her sexual experience and describing the sex acts he wished to engage in. Gopalika is also accused of sending the girl two obscene web cam videos.

Gopalika was arrested on July 1 when he arrived at a predetermined meeting location.

Following a search of his vehicle, agents seized two laptop computers, a digital camera, a cell phone allegedly containing a partially completed text message to the “child,” directions to the meeting location and a bag of condoms. Gopalika was preliminarily arraigned on July 1 and lodged in the Butler County Jail in lieu of $15,000 cash bail, pending a preliminary hearing on Friday.

FINED : HSBC companies slapped with US$5M fines over data breach

2009-07-26T20:36:00.000+05:30

FINED : HSBC companies slapped with US$5M fines over data breach

By Jo Best,

ZDNet Asia

July 23, 2009

http://www.zdnetasia.com/news/business/0,39044229,62056295,00.htm

Three HSBC companies have been hit with fines after the financial services watchdog found they weren't doing enough to protect customers' data.

The U.K. Financial Services Authority (FSA) fined HSBC Life 1.6 million pounds (US$2.6 million), HSBC Actuaries 875,000 pounds (US$1.4 million) and HSBC Insurance Brokers 700,000 pounds (US$1.1 million)--making a total of 3.1 million pounds (US$5.1 million) in penalties between them.

Due to the fact the three firms settled with the FSA, their fines were discounted by 30 percent--the original charges totaled 4.55 million pounds (US$7.47 million).

The FSA handed down the fines after an investigation found customer data was sent without encryption to third parties and via couriers, and left in unlocked cabinets and shelves openly.

Staff were also not given proper training over how to spot and deal with risks like identity theft, the FSA found.

Clive Bannister, group managing director of HSBC Insurance, said the company regrets falling short in dealing with customers' data.

"While this is a serious matter, no customer reported any loss from these failures. We are doing everything possible to prevent a recurrence. We have implemented even more rigorous systems, better checks and more training for our people. We believe our customers can have confidence that we are doing everything we can to protect their privacy," he said in a statement.

Two of the HSBC companies recorded losses of data: in 2007, HSBC Actuaries lost an unencrypted floppy disk in the post, containing the details of 1,917 pension scheme members, including addresses, dates of birth and national insurance numbers; while 2008 saw HSBC Life lose an unencrypted CD containing the details of 180,000 policy holders in the post. Those affected have been alerted to the losses by the companies.

Margaret Cole, director of enforcement at the FSA, described the losses as "disappointing".

"All three firms failed their customers by being careless with personal details which could have ended up in the hands of criminals. It is also worrying that increasing awareness around the importance of keeping personal information safe and the dangers of fraud did not prompt the firms to do more to protect their customers' details," she said in a statement.

The three companies have now improved staff training and use encryption when data is being moved.

Quote of the day

2009-07-24T21:22:00.001+05:30

Quote of the day

You can have anything you want -- if you want it badly enough.

You can be anything you want to be, have anything you desire, accomplish anything you set out to accomplish -- if you will hold to that desire with singleness of purpose.

Robert Collier

(Publisher)

New IT Term of the day

2009-07-24T21:17:00.000+05:30

New IT Term of the day

chicken boner

A slang term used in reference to an inexperienced spammer. The reference implies that the person is a low-life who spends all their time in front of the computer with "fried chicken bones littering the floor".

FINED : UK Consultant Handed £5,000 Fine Over Database Breach

2009-07-24T21:14:00.000+05:30

FINED : UK Consultant Handed £5,000 Fine Over Database Breach

by Desire Athow

21 July, 2009,

http://www.itproportal.com/portal/news/article/2009/7/21/consultant-handed-5000-fine-over-database-breach/

A man behind an illicit database containing details of construction workers has been slapped with a fine of £5,000 for infringing the UK Data Protection Act at Knutsford Crown Court and required to pay a further £1,187.20 in costs.

Last week, Ian Kerr, the founder of The Consultancy Association (TCA) which illicitly held and sold confidential information of employees, has been found guilty of data breaches and eventually ordered to pay considerable fines.

Kerr was sentenced by the Court following an investigation by the Information Commissioner’s Office, which disclosed that he conducted a secret operation to vet construction workers for job in the industry.

David Smith, Deputy Information Commissioner, commented on the case by saying, “Ian Kerr colluded with construction firms for many years flouting the Data Protection Act and ignoring people's privacy rights. Trading people's personal details in this way is unlawful and we are determined to stamp out this type of activity.”

It was ascertained by the Court that the database created by TCA held information on as many as 3,213 construction workers and was utilised by around 40 construction companies.

The information watchdog is said to take enforcement action against 17 construction companies that paid Kerr for information on workers, in the wake of any representations made by the firms.

JAILED : Two years in jail for IT director who wiped medical data

2009-07-24T21:12:00.000+05:30

JAILED : Two years in jail for IT director who wiped medical data

Ex-employee deleted crucial organ donation records

By Jaikumar Vijayan

www.computerworlduk.com

21 July 2009

http://www.computerworlduk.com/management/security/data-control/news/index.cfm?RSS&NewsId=15841

An IT director at an organ donation organisation has been sentenced to two years in prison for intentionally deleting numerous records and other data after being fired from her job.

Danielle Duann, 51, who worked at an organ procurement centre for more than 200 hospitals in Texas, was also sentenced to three years of supervised release upon completion of her term and ordered to pay more than $94,000 in restitution to her former employer, LifeGift Organ Donation Center.

Duann in April had pleaded guilty to one count of unauthorised access to a protected computer.

Court documents filed in connection with the case describe what is becoming an increasingly familiar tale of companies victimised by insiders.

Duann was hired by LifeGift in 2003 and put in charge of overseeing the company's entire IT infrastructure and fired in November 2005 for reasons not specified in court documents.

At the time of her termination, Duann was informed in writing that all her access rights had been revoked. The company also took steps to lock all administrator accounts to which Duann was known to have access.

Despite such steps, Duann still managed to access LifeGift's network from her home on the same evening she was fired, via a VPN account that she appears to have previously set up without anyone's knowledge.

Once inside the network, Duann used an administrator account belonging to another LifeGift employee to log into several servers, including the company's organ donor database server and main accounting server, multiple times.

Over the next several hours, she then deleted donor records, accounting invoice files, database and software applications, backup files and the software tokens needed to run some applications.

In a bid to cover her tracks, Duann manually deleted all logs of her VPN sessions with the company's network. She also disabled the activity logging functions on the database and accounting servers -- making it impossible for LifeGift to identity all of the individual files and applications she deleted, the court documents said.

Duann's sabotage, however, was discovered the next morning by an employee of a network services company that had just been hired by LifeGift to provide backup and disaster recovery services for the non-profit. The employee noticed someone deleting files in real-time from a VPN connection, which he quickly terminated.

The VPN connection logs and IP address was later traced back to Duann's home Internet connection. A subsequent search of Duann's home and computer systems by the FBI uncovered more evidence that linked her to the sabotage.

Like countless similar incidents, this one highlights the challenges that companies face when it comes to protecting data and systems from malicious insiders. In this case, the sabotage occurred even though LifeGift appears to have taken most of the measures that security experts recommend when employees leave the company or are fired.

For instance, the company immediately revoked Duann's access privileges after terminating her and disabled all administrator accounts to which she had had previous access. The fact that Duann still managed to access the company's servers just hours later, highlights how difficult it can sometimes be to stop insiders who plan to do harm.

THREAT : Cyber attack a threat to London Olympics

2009-07-24T21:11:00.001+05:30

THREAT : Cyber attack a threat to London Olympics

Organizers feel that a potential cyber attack posed a unique challenge for the London 2012 Olympics

Avril Ormsby

July 22, 2009

http://www.ciol.com/Global-News/News-Reports/Cyber-attack-a-threat-to-London-Olympics/22709122606/0/

LONDON, UK: Olympic organizers are "very alive" to the threat of a cyber attack on the London 2012 Olympics, made more challenging because of its evolving nature, senior Interior Ministry officials said on Tuesday.

Ticketing systems, the transport network and hotel bookings as well as security are among potential targets.

Olympic security officials are also planning for the possible diversion of aircraft to protect airspace around the venues from terrorist attacks, the officials said.

The greatest threat to security at the Games is international terrorism, the government's latest "Safety and Security Strategy" report said.

"There's no current evidence of a terrorist threat to 2012," one of the Interior Ministry officials said.

"But if you look at precedents for sporting events, and to some degree about Olympic events, it would not be beyond the point of imagination to imagine a terrorist threat to 2012 nearer the time."

Metropolitan Police Assistant Commissioner Chris Allison said it was likely there would be a terrorist threat at the Games but he pointed to Britain's "long history of delivering safe sporting events".

Threats Change

Despite the British government on Monday lowering the threat level from international terrorism from "severe" to "substantial", security planning for the Games will be based on an assumed threat level of severe -- the second highest level.

Interior Minister Alan Johnson said in a statement that security planning was "progressing in good time and to budget".

A total of 600 million pounds ($980 million) has been put aside for security, but Interior Ministry officials said if the threat increased it could put upward pressure on costs.

The officials, who declined to be named, said a potential cyber attack posed a unique challenge because it was constantly changing and that more funds were being directed at the problem of computer attacks.

"The general challenge reflected in cyber is anticipating what threats will look like three years out, and threats change, the nature of terrorism changes and the nature of serious crime changes as well, and cyber specifically is a really good example of a moving threat," one of the officials said.

"I think we are very alive to the cyber (issue) and we are very alive to the fact that at the moment it is difficult to predict what it will look like with specific reference to the Games in 2012."

Officials are also drawing up plans for protecting water and air space around Olympic venues from possible attack, including possibly diverting aircraft. It is expected diversions would most likely affect smaller, private aircraft.

"We do expect there will have to be some management of air space," another of the Interior Ministry officials said.

"We do not expect that any airports will have to be closed."

TOPPER : U.S. Is Top Spam-Producing Country

2009-07-24T21:07:00.000+05:30

TOPPER : U.S. Is Top Spam-Producing Country

The US has been named the world's biggest spam-producing country, says security vendor Sophos.

By Carrie-Ann Skinner

PC Advisor (UK)

July 21, 2009

http://www.cio.com/article/497728/U.S._Named_As_Top_Spam_Producing_Country

The US has been named the world's biggest spam-producing country.

Security firm Sophos said the US was responsible for 15.6 percent of all spam received between April and June this year - that's one in every six junk emails.

The US was closely followed by Brazil, which produced 11.1 percent of all spam, and Turkey, which generated 5.2 percent.

Russia, which was second on Sophos' Dirty Dozen list a year ago, has now fallen to ninth place and was only responsible for 3.2 percent of all spam between April and June.

Graham Cluley, senior technology consultant for Sophos, said: "Barack Obama's recent speech on cybersecurity emphasised the threat posed by overseas criminals and enemy states, but these figures prove that there is a significant problem in his own back yard. If America could clean up its compromised PCs it would be a considerable benefit to everyone around the world who uses the net".

Quote of the day

2009-07-19T21:50:00.001+05:30

Quote of the day

When it is dark enough, you can see the stars.

Charles Beard

New IT Term of the day

2009-07-19T21:49:00.000+05:30

New IT Term of the day

spamware

Software that is used by spammers to send out automated spam e-mail. Spamware packages may also include an e-mail harvesting tool.

SURVEY : One in six consumers acts on spam

2009-07-19T21:47:00.000+05:30

SURVEY : One in six consumers acts on spam

Jeremy Kirk

July 14, 2009

IDG News Service

http://www.computerworld.com/s/article/9135496/One_in_six_consumers_acts_on_spam_survey_says?source=CTWNLE_nlt_virusv_2009-07-16

About one in six consumers have at some time acted on a spam message, affirming the economic incentive for spammers to keep churning out millions of obnoxious pitches per day, according to a new survey.

Due to be released Wednesday, the survey was sponsored by the Messaging Anti-Abuse Working Group (MAAWG), an industrywide security think tank composed of service providers and network operators dedicated to fighting spam and malicious software.

Eight hundred consumers in the U.S. and Canada were asked about their computer security practices habits as well as awareness of current security issues.

Those who did admit to opening a spam message -- which in and of itself could potentially harm their computer -- said they were interested in a product or service or wanted to see what would happen when they opened it.

"It is this level of response that makes spamming a lot more attractive as a business because spam is much more likely to generate revenues at this response rate," according to the survey.

One other study, conducted by the computer science departments of the University of California at its Berkeley and San Diego campuses, showed the number people who actually made a purchase following a spam pitch was just a fraction of a percent.

Those researchers infiltrated the Storm botnet, a network of hacked computers used to send spam.

They monitored three spam campaigns, in which more than 469 million e-mails were sent. Of the 350 million messages pitching pharmaceuticals, 10,522 users visited the advertised site, but only 28 people tried to make a purchase, a response rate of .0000081 percent. Still, that rate is high enough to potentially generate up to $3.5 million in annual revenue, they concluded.

MAAWG's survey showed that nearly two-thirds of the 800 polled felt they were somewhat experienced in Internet security, a highly complex field even for those trained in it, said Michael O'Reirdan, chairman of MAAWG's board of directors.

And some 80% of people felt their machine would never be infected with a bot, or a piece of malicious software that can send spam, harvest data and do other harmful functions. That's dangerous, O'Reirdan said.

"If you don't believe you aren't going to get one, you aren't going to look for one," he said. "If you get a bot, you're a nuisance to other people."

Interestingly, 63% of consumers said they would allow remote access to their computer to remove malware. That idea is under increasing discussion in the security community, which is grappling with how to deal with botnets. Botnets can also conduct denial-of-service attacks against Web sites, such as the ones attacked last week in South Korea and the U.S.

Some ISPs are building automated systems that can cut off a computer's Internet access if the machine is suspected of containing malware. Consumers are then given instructions on how to patch their machine and install security software. When their PC is clean, they are restored full access to the Internet. MAAWG is close to issuing a set of guidelines for ISPs on how to battle botnets.

"The best thing a user can do is patch their machine religiously," O'Reirdan said. "It's incredible easy to do."

RISK : SPAM BOT for 3G Phone

2009-07-19T21:45:00.000+05:30

RISK : SPAM BOT for 3G Phone

Zombies bite into Symbian smartphones

Low-risk mobile Trojan bundles botnet features

By John Leyden

16th July 2009

http://www.theregister.co.uk/2009/07/16/mobile_trojan/

Security researchers have identified the first known spam bot client for 3G phones.

YXES-B poses as a legitimate application called Sexy Space (ACSServer.exe) to steal the subscriber, phone, and network information of victims. The malware forwards these details to a site under hacker control.

The same site contains message clips that form the template to send spammed SMS messages to the victims' contacts.

The malware therefore has a command and control infrastructure that makes it a botnet for mobile phones, according to Trend Micro, the security software firm.

The code-signing process applied by Symbian is designed to enure that threats like YXES-B never meet the light of day. Hackers have subverted this process for a second time - YXES-B was proceeded by an earlier variant. It it's unclear how they have done this

The damage potential posed by the malware is quite high. Fortunately, incidents of actual infections remain low.

More details on the threat can be found in a write-up from Trend Micro here http://blog.trendmicro.com/signed-malware-coming-to-a-phone-near-you/#ixzz0LLLdJHN9&D

PROFESSIONAL : Cyber Criminals using Business School Teachings

2009-07-19T21:44:00.000+05:30

PROFESSIONAL : Cyber Criminals using Business School Teachings

Cyber crime lords using big business tactics:Cisco

PHYSorg.com / AFP

14 Jul 2009

www.physorg.com/news166817806.html

Cyber criminals are aping executives when it comes to sales, marketing and risk management in the world of online treachery, according to a report released by networking giant Cisco.

"A lot of techniques they are using today are not new; it is really about how they may be doing some of the same old things," said Cisco chief security researcher Patrick Peterson.

Cyber criminals are aping executives when it comes to sales, marketing and risk management in the world of online treachery, according to a report released by networking giant Cisco.

"A lot of techniques they are using today are not new; it is really about how they may be doing some of the same old things," said Cisco chief security researcher Patrick Peterson.

"The novel thing is that they have taken the Harvard Business School, General Electric board room

business training and applied it to their old techniques."

The California technology firm specializing in computer networking gear summarized current threats in a "Midyear Security Report" that concludes hackers are increasingly operating like successful businesses.

Peterson cited how cyber hackers capitalized on interest in the death of pop icon Michael Jackson in late June.

Disasters, celebrity doings and other major news is routine fodder for bogus emails and websites

booby-trapped with computer viruses, but in the case of Jackson's death, crooks cranked out fake news stories to dupe readers.

"They had their criminal copy editors working on copy for the story as fast as it happened," Peterson said.

"They brought the Jackson story to market in a way that rivals media outlets. They have an advantage; they don't have to do any reporting."

Billions of spam messages with links to trick websites or videos promising scintillating Jackson images and information were fired off in the days after his June 25 death, according to Cisco.

"Sales leads" that followed online links were turned into "customers," whose computers were stealthily infected with nefarious codes for stealing data, usurping control of machines or other evil deeds.

Cyber criminals are reportedly embracing a nefarious version of a "cloud computing" trend of offering

computer applications online as services.

Commanders of infected computers woven into "botnet" armies rent out illegally assembled networks to fellow criminals for sending spam, launching attacks or other deeds, according to Cisco.

Peterson told of an "anti-anti-virus" online operation called "Virtest" that charges hackers monthly fees to keep them informed about which security firms can detect their malicious programs.

"It's a criminal service," Peterson said of the operation, which appears to be based in Russia. "We've seen lots of examples of criminals sharing tools, but we've never seen a commercial business like this."

Spammers also employ a business marketing practice of packing booby-trapped websites with terms

typically used as keywords in various Internet search engines so that their links land high in query results.

Cisco referred to the practice as "Spamdexing."

"Because so many consumers tend to trust and not be suspicious of rankings on leading search engines, they may readily download one of the fake software packages assuming it is legitimate," Cisco said in the report.

Cyber crooks are also hunting for prey in the rapidly expanding population of mobile telephone users by sending trick text messages.

Criminals have taken to sending blanket text messages to numbers based on area codes of local banks directing people to call into a service center to address supposed concerns about their accounts.

Callers are connected to automated voice systems that, feigning to represent the banks, ask people to enter account passwords and other personal information that can later be exploited, Peterson said.

Online social networks, according to Cisco, are becoming popular "customer acquisition" territory for cyber criminals.

"It's big business now to penetrate those networks," said Peterson.

People in online communities are more likely to click on links and download content they believe is from people they know and trust, the report said.

BEWARE : Hacker Hacked Twitter – Stolen Secret Documents

2009-07-19T21:41:00.000+05:30

BEWARE : Hacker Hacked Twitter – Stolen Secret Documents

By Maggie Shiels

Technology reporter

BBC News

2009/07/16

http://news.bbc.co.uk/go/pr/fr/-/2/hi/technology/8153122.stm

The microblogging service Twitter has been terribly hacked. Twitter is taking legal advice after hundreds of documents were hacked into and published by a number of blogs.

TechCrunch has made public some of the 310 bits of material it was sent.

It posted information about Twitter's financial projections and products.

"We are in touch with our legal counsel about what this theft means for Twitter, the hacker and anyone who accepts...or publishes these stolen documents, " said Twitter's Biz Stone.

In a blog posting he wrote that "About a month ago, an administrative employee here at Twitter was targeted and her personal email account was hacked.

"From the personal account, we believe the hacker was able to gain information which allowed access to this employee's Google Apps account which contained Docs, Calendars and other Google Apps Twitter relies on for sharing notes, spreadsheets, ideas, financial details and more within the company."

Mr Stone, Twitter's co-founder, went on to stress that "the attack had nothing to do with any vulnerability in Google Apps".

He said this was more to do with "Twitter being in enough of a spotlight that folks who work here can be a target".

In his blog post, Mr Stone underlined the need for increased online security within the company and for staff to ensure their passwords are robust.

It is believed a French hacker who goes by the moniker "Hacker Croll" illegally accessed the files online by guessing staff members' passwords.

"News value"

A number of technology blogs were offered the documents for publication in what is now being dubbed "Twittergate" in some online forums.

TechCrunch, one of the most respected blogs in Silicon Valley, has set off a firestorm of criticism and debate over its decision to post some of the material.

It started things off with what it called a "softball" and published details about a reality TV show involving Twitter. Details of such a programme were made public in May.

That was followed by documents relating to an internal Twitter financial forecast that the company said is no longer accurate.

"There is clearly an ethical line here that we don't want to cross, and the vast majority of these documents aren't going to be published, at least by us.

"But a few of the documents have so much news value that we think it's appropriate to publish them," wrote TechCrunch Editor and founder Michael Arrington

Mr Arrington noted the site received a deluge of comments on the issue and said "many users say this is "stolen" information and therefore shouldn't be published. We disagree.

"We publish confidential information almost every day on TechCrunch. This is stuff that is also "stolen," usually leaked by an employee or someone else close to the company."

The TechCrunch founder cited examples of stories it has covered in the past that involved information it had acquired and also those covered by newspapers like the Wall Street Journal that had done a similar thing.

Mr Arrington said that he has also consulted lawyers about the laws that cover trade secrets and the receipt of stolen goods.

"Embarrassing"

Many in the technology industry said this latest episode points to the potent reminder of how much information is stored in the cloud and the vulnerability or otherwise of that data.

The hacker has claimed to have wanted to teach people to be more careful and in a message to the French blog Korben, wrote that his attack could make internet users "conscious that no one is protected on the net."

"The security breach exploited "an easy-to-guess password and recovery question, which is one of the simplest ways to make a username and password combination really insecure," said Phil Wainewright of ZDNet.com

"Unfortunately, users won't wise up until the cloud providers force them to."

In a study last year the security firm Sophos found that 40% of internet users use the same password for every website they access.

The affair has put Google on the defensive because the information was stored in Google Apps, an online package of productivity software that includes email, spreadsheets and calendars.

The company issued a blog post. While it highlighted the need for strong security, it said it could not discuss individual uses or customers.

Twitter's Mr Stone tried to play down the importance of the information being touted around the web.

"Obviously, these docs are not polished or ready for prime time and they're certainly not revealing some big, secret plan for taking over the world.

"This is "akin to having your underwear drawer rifled: Embarrassing, but no one's really going to be surprised about what's in there." That is an apt apology," Mr Stone said.

At the social media blog Mashable, Adam Ostrow agreed.

"It's another embarrassing moment in Twitter's torrid growth, but nothing that's likely to bring the house down."

Also see -

Tech Crunch’s posting-

http://www.techcrunch.com/2009/07/14/in-our-inbox-hundreds-of-confidential-twitter-documents/

Twitter’s response

http://blog.twitter.com/2009/07/twitter-even-more-open-than-we-wanted.html

Quote of the Day...

2009-07-17T22:02:00.001+05:30

Quote of the day

In school you get the lesson and then take the test;

In life you take the test and then get the lesson.

New IT Term of the day

2009-07-17T21:43:00.000+05:30

New IT Term of the day

clewbie

An Internet slang term that means "clueless newbie".

CYBER FIGHT : Hackers Increasingly Targeting Religion Sites

2009-07-17T21:42:00.000+05:30

CYBER FIGHT : Hackers Increasingly Targeting Religion Sites

10 July 2009

By Paul Goble

The Moscow Times

http://www.moscowtimes.ru/article/1328/42/379446.htm

Hacker attacks against sites maintained by political opponents of the Russian government have received a great deal of attention. One target of hackers that has received far less press is Runet sites operated by religious groups, which are increasingly coming under cyber attack, a trend that reflects the importance of the Internet in Russian religious life.

In an article in newspaper Novya Izvestiya, reporter Mikhail Pozdnyaev says that among those who have suffered from hacker attacks are “representatives of all confessions, official and independent information agencies that write about religious news, and popular missionaries."

Because of the diversity of sites and the difficulties involved in determining why a site may have failed and in tracking down those responsible, there are no reliable statistics available on just how widespread this trend is. Consequently, the Novaya Izvestiya journalist describes some of the more high-profile examples of this phenomenon.

Pozdnyaev begins with the hacker attack on the official site of the Maykop and Adygei eparchate of the Russian Orthodox Church this past Sunday. For several hours, he reports, visitors to the site found a page that had nothing to do with religious affairs, though the eparchate’s technical staff was able to restore the site rather quickly.

Officials in the eparchate told Pozdnyaev that they believe that this attack happened when it did because at least some of the faithful are unhappy that Archbishop Panteleimon has been replaced as head of the see by Bishop Tikhon. The hackers, these officials believe, were supporters of Panteleimon.

But exactly who carried out the cyber attack remains unknown in this case, as in others even when the hackers declare themselves — as happened earlier this year — to be representatives of the “ Free Radical Society of Atheists of Bobruisk” or the “Atheist from Shenkursk,” titles that are only user names that reveal little.

A much larger hacking scandal occurred during the controversy over now dethroned Bishop Diomid and his challenge to the Moscow Patriarchate. The “Orthodoxy in the Far East” portal that featured information on his case came under attack twice — once with those responsible posting pornographic pictures and another time with foul language.

The priest who oversees the portal said the hackers were people who supported Diomid and had enough resources to overcome the portal’s defenses. Since then, the Interior Ministry’s Bureau of Special Technical Measures has tracked down the individual involved: He is a citizen of one of the CIS countries, the ministry reported.

Russian prosecutors are seeking to bring this person to justice, the journalist says, but they have not had much luck. And that highlights a serious problem: As Pozdnyaev notes, “catching a hacker is harder that restoring a site that has been attacked.”

Other religious entities that have been targeted include the Estonian Orthodox Church of the Moscow Patriarchate, the official site of the Patriarchate itself following the death of Aleksii II, and Portal-Credo.ru, an independent religious news portal that is often highly critical of the Orthodox Church.

Hacker attacks against web sites maintained by the Russian Orthodox Church, its various subdivisions and even individual clerics, such as Archdeacon Andrey Kurayev, are a relatively new phenomenon, but such attacks have been taking place against Islamic sites on a regular basis for a decade.

At the end of June, hackers took offline for a brief period two of the most important Russian-language Islamic news sites, Islam.ru and IslamNews.ru, both of which have been subject to similar attacks in the past. Pozdnyaev says that it is possible that the hackers are people who “do not share the loyal attitude” of these sites to the government.

BEWARE : Social-networking Site Tagged to Be Sued for deception

2009-07-17T21:39:00.001+05:30

BEWARE : Social-networking Site Tagged to Be Sued for deception

Jeremy Kirk,

IDG News Service

July 10, 2009

http://www.pcworld.com/businesscenter/article/168204/socialnetworking_site_tagged_to_be_sued_by_new_york.html

The state of New York plans to sue the social-networking site Tagged.com for allegedly using deceptive e-mails in order to gain new users, the Office of the Attorney General said Thursday.

From April through June, Tagged sent 60 million e-mails to people saying that members of the site had tagged them in photos but the photos did not exist, according to a news release from the office, lead by Attorney General Andrew M. Cuomo.

The e-mails that people received appeared to come from their friends but did not, which constitutes spam. The recipients were forced to become members of Tagged if they wanted to access the purported photos, the office alleges.

Tagged, which has been around for five years, would then illegally get access to those new users' e-mail address books and send out more messages without those users' knowledge. Tagged will be sued for deceptive e-mail marketing practices and invasion of privacy, the office said.

Tagged CEO Greg Tseng wrote on a company blog that the site did not access peoples' address books without their consent. But Tseng wrote the company realized that the language used to guide users during registration was confusing.

"The registration drive generated some complaints," Tseng wrote. "We immediately stopped using this registration process before being contacted by the Attorney General's office."

On June 16, Tseng wrote in another blog post that the registration drive resulted in 3 million new users for Tagged, but also resulted in 2,000 complaints "from people who invited all the contacts in their e-mail address books but didn't intend to."

"Simply put, it was too easy for people to quickly go through the registration process and unintentionally invited all their contacts," Tseng wrote. Tagged halted the new registration scheme on June 7. It also e-mailed new members telling them how to quit Tagged.

The Attorney General's office said it would seek to stop Tagged from engaging in fraudulent practices and pursue fining the company.

RISK : Poor IT job market may fuel online crime

2009-07-17T21:20:00.000+05:30

RISK : Poor IT job market may fuel online crime

by Diane Bartz and Richard Chang

Jul 14, 2009

http://www.reuters.com/article/technologyNews/idUSTRE56D2H120090714

WASHINGTON (Reuters) - The ever-weakening job market could well lead to an increase in online crime as laid-off workers, especially those with computer skills, turn to scams to support themselves, Cisco Systems Inc said in a mid-year security report to be released on Tuesday.

Disgruntled employees may target their former employers, and Cisco warned that insiders "can be especially damaging for an organization because insiders know security weaknesses."

A former information technology analyst at the Federal Reserve Bank of New York was arrested in April along with his brother on suspicions of taking out loans using false identities. FBI investigators found a flash drive attached to the bank employee's computer with applications for $73,000 in loans in the names of stolen identities, the report said.

Cisco warned companies which use short-term IT consultants or who contract out the tasks to "be particularly vigilant about the level and term of their access to sensitive data."

The report included snippets of a conversation with a botmaster, or someone who remotely takes over computers without users' knowledge and often sells the resulting access to spammers.

The hacker declined to say how much he earned but said "'a guy I know'" can earn $5-10K weekly, by phising (sic) bank accounts." Phishing is the practice of convincing a victim to give up valuable information -- like a password to a bank account. The account can then be emptied.

UNPREPARED : Korea Ill-Prepared for Online Attacks

2009-07-17T21:12:00.000+05:30

UNPREPARED : Korea Ill-Prepared for Online Attacks

By Kim Tong-hyung

koreatimes.co.kr

13 July 2009

http://www.koreatimes.co.kr/www/news/biz/2009/07/123_48336.html

South Korea has so big a hole in its cyber security that another wave of online attacks will prove to be as devastating as those of last week.

First, virtually anybody can mount such attacks. Although government officials suspect North Korea may have been orchestrating these virtual attacks, a gang of teenagers could possibly organize and bring the same amount of damage as a nation can, and with a program purchased online for the same price as a song.

When the country was pummeled by a massive distributed denial of service (DDoS) attack over four days until last weekend, it was a handful of private firms that came to the rescue.

In addition, systemic flaws such as over-reliance on Microsoft's Active-X program need to be addressed. Without them, all Korea can do appears to be nothing but pray that no such attacks recur.

The Korea Communications Commission (KCC) admits that more DDoS attacks are a possibility, considering that the types of malicious software that infected scores of Korean computers at homes and offices are programmed to update automatically. Whether the country would be better prepared for another powerful Internet attack is a totally different matter.

``We have been analyzing the malicious codes, and found that the programs were designed to self-destruct after initiating three attacks. We have yet to find a mutated version of the codes,'' said Hwang Cheol-joong, a KCC official.

As of Saturday, more than 97 percent of 77,875 infected computers had been cleared of the malicious programs, the KCC said. The state-run Korea Information Security Agency (KISA) is currently analyzing 22 sample types of the malicious codes.

``It is encouraging that the number of infected computers was fewer than first thought, even when considering the devices that remain unreported. However, considering that these DDoS bots are not controlled by command and control (C&C) operational software, but programmed for automated updates and self-destruction, we need to stay alert. There also might be types of codes that we have yet to discover,'' Hwang said.

The National Intelligence Service (NIS), the country's spy agency, is responsible for protecting public Internet infrastructure from Internet attacks, while KCC and KISA handle the private side.

However, the Ministry of Public Administration and Security deals with breaches within government networks, while the National Police Agency combats ``cyber crimes.''

The complicated relations between these agencies make it difficult for the government to muster a quick and coordinated approach when crisis hits, according to critics, who call for the establishment of a ``control tower.''

``We agree that there should be a more simplified chain of command. The current system has problems,'' Choi See-joong, the KCC chairman, told reporters last week.

It could also be said that Korea was behind for its Microsoft monoculture for Web browsers. In Korea, all encrypted transactions on the Internet are required to be done through Microsoft's ``Active-X'' controls, which work only on Internet Explorer browsers. As a result, the market share of Internet Explorer remains in the high 90s.

However, Active-X is also linked with security concerns, as the controls require full access to the Windows operating system on computers. This means that malicious programs can direct the browser to download files that compromise the user's control of the computer.

``Active-X happens to be one of the ideal tools for malicious codes to be distributed. Even Microsoft is phasing Active-X out due to security worries, but Korea has been a step behind,'' said an official from KTB Solutions, a computer software company.

(Why single out Korea? Most of the countries are ill-prepared for Cyber Security. In fact, in some countries, the concept of Cyber Security exist on paper only - Editor)

Quote of the day

2009-07-15T21:59:00.000+05:30

Quote of the day

The period of greatest gain in knowledge and experience is the most difficult period in one’s life.

Dalai Lama

New IT Term of the day

2009-07-15T21:47:00.000+05:30

New IT Term of the day

photoshopping

A slang term used to describe any image that has been digitally manipulated or altered.

EXTRADITED : Indian Hacker Extradited to US

2009-07-15T21:42:00.000+05:30

EXTRADITED : Indian Hacker Extradited to US

Three men allegedly made millions manipulating prices of several stocks, including Google

By Robert McMillan

IDG News Service

July 08, 2009

An Indian man has pleaded not guilty to charges that he hacked into online brokerage accounts in order to manipulate stock prices.

Jaisankar Marimuthu, 34, of Chennai, was extradited to the US from Hong Kong on June 20, making him the latest to face charges in what authorities described as an international "hack, pump and dump" scheme. He entered a not guilty plea in US District Court for the District of Nebraska on June 25, according to court records.

Marimuthu had already been arrested by Hong Kong police on similar charges, the US Department of Justice (DoJ) said.

Another man, Thirugnanam Ramanathan, pleaded guilty to fraud charges stemming from the scheme and was sentenced to two years in prison in September. However, he was deported on Jan. 29, before serving his full sentence, according to Ian McCaleb, a DoJ spokesman.

A third man, Chockalingam Ramanathan, has been charged in the US but is still at large, McCaleb said.

The three were charged two years ago for a 2006 scheme in which they allegedly hacked into online brokerages or created new accounts using stolen identities, then bought and sold stocks in order to manipulate prices to their benefit.

They hacked into more than 60 accounts in nine brokerage firms, including ETrade and TD Ameritrade, according to authorities. One firm lost more than US$2 million because of the scam.

The men allegedly drove up prices of low-volume stocks they owned, such as Acordia Therapeutics, Pacel and IGI, by buying shares with the hacked accounts, then dumping the stocks before the price dropped, authorities said. In October 2006, they also manipulated the price of near-worthless "put" options for Google, which gave buyers the option of selling Google stock for $240 (about half its value at the time), authorities said.

How Marimuthu and his associates allegedly gained access to the brokerage accounts is unclear, but court filings suggest that he may have obtained them from Internet cafés used by American and European visitors to Bangkok. Marimuthu and the others stayed at the Raja Hotel in Bangkok in 2006, prosecutors said.

Wireless networks at hotels and Internet cafés can be a security risk, especially if they are unencrypted or use the cracked Wired Equivalent Privacy (WEP) system to secure network traffic.

BOOKED : Pakistani Lady MPA booked for credit card theft

2009-07-15T21:38:00.000+05:30

BOOKED : Pakistani Lady MPA booked for credit card theft

July 13, 2009

http://www.thenews.com.pk/top_story_detail.asp?Id=23239

LAHORE: Ghalib Market Police on Sunday registered a theft case against a Pakistan Muslim League-N MPA, Shumaila Anjum Rana, for allegedly stealing two credit cards from a woman’s purse, doing shopping and paying Rs 80,000 through the stolen cards.

An FIR No 551/09 has been registered against the MPA under Section 379 of the Pakistan Penal Code on the complaint of Muqeet Salam, the brother-in-law of Zaira Malik of Canal Bank, the owner of the credit cards.

Investigation Officer Sub-Inspector Maqsood told The News he tried to contact the accused MPA by telephone several times, but she was not available. He said Muqeet alleged in the application that his sister-in-law, Zaira Malik, was present in a fitness club on July 7 when she found her credit cards, issued by the United Bank Limited and Bank Alfalah Limited, missing from her purse. He said Zaira contacted the banks concerned and was informed that transactions worth Rs 80,000 had been made through her credit cards. He alleged that the banks also informed her that the ‘thief’ had purchased goods from a shop at the Siddique Trade Centre.

The police quoted the complainant as saying that the shop owner also showed the CCTV footage to them and finally Zaira recognised MPA Shumaila, who was not a member of the fitness club. He said they had also got records of transactions from the shopkeeper in which the use of Zaira Malik’s credit cards was mentioned.

A police official said that raids would be conducted to arrest the accused if she didn’t surrender to the police. On Saturday, the Ghalib Market police had denied receiving any application against the said MPA. However, after it was proven from witnesses and evidence, a case was registered with the consent of senior police officials.

Meanwhile, Punjab Chief Minister Shahbaz Sharif has said legal action will be taken against MPA Shumaila Anjum Rana.He was talking to media persons at the Ittefaq Hospital here on Sunday. Answering a question regarding MPA Shumaila Anjum Rana, he said law has started taking its course and all legal requirements will be fulfilled in this regard.

REPORT : 73 Percent of U.S. Businesses Breached

2009-07-15T21:32:00.001+05:30

REPORT : 73 Percent of U.S. Businesses Breached

The report has a recommendation for organizations that fear a breach and the reporting requirements that go with it.

July 13, 2009

By Alex Goldman

http://www.internetnews.com/security/article.php/3829391

The fourth annual U.S. Encryption Trends Study was released today by The Ponemon Institute. The study says that 73 percent of surveyed businesses have experienced a data breach in the past year, up from 60 percent in the 2008 study. The report was sponsored by encryption supplier PGP Corp.

"A data breach is defined as the loss or theft of confidential or sensitive data including information about people and households," said Dr. Larry Ponemon, chairman and founder of The Ponemon Institute, in an e-mail to InternetNews.com.

The numbers are comparable to a similar study released last week concerning UK businesses. There, the Ponemon Institute found that 70 percent had been breached in the last year.

The report was based on surveys with nearly a thousand (997) U.S.-based executives.

Organizations need to have a holistic data encryption strategy, according to the report.

"For the second year in a row, organizations with no encryption strategy accounted for all the organizations that suffered five or more data breaches (13 percent)," the report said.

Organizations are adopting encryption to comply with industry regulations and state and federal laws, the report explained.

A flood of data breaches

The news comes as reporting requirements are becoming more burdensome. For example, a recent change to reporting requirements for healthcare organizations in California has resulted in a flood of data breach reports there.

Businesses can expect closer scrutiny of security issues -- and failures -- as the government ponders new privacy laws.

The report touts the platform approach to encryption. The use of "encryption applications managed via a platform continues to be a best practice approach to an overall data protection strategy in 2009," said Dr. Ponemon in a statement.

Also today, PGP Corporation released two new products. PGP Portable is designed to help encrypt removable storage devices, while PGP Mobile helps organizations encrypt data on mobile devices. Pricing for the new products was not disclosed.

According to the report, organizations see a need to protect mobile devices. "More than 59 percent of respondents say it is very important or important to encrypt employees' mobile devices -- a sign that organizations recognize that valuable data is more mobile than ever," the report said

Companies are right to be concerned about breaches, the report said, referring to an earlier study by The Ponemon Institute that found that breaches cost businesses, on average, $202 per record and, in total, an average of $6.6 million.

FALSE POSITIVE : Glitch in antivirus software troubles PC users

2009-07-15T21:28:00.000+05:30

FALSE POSITIVE : Glitch in antivirus software troubles PC users

By JORDAN ROBERTSON

AP Technology Writer

Jul 10, 2009

http://tech.yahoo.com/news/ap/20090710/ap_on_hi_te/us_tec_antivirus_false_positive

Antivirus software cuts two ways. It's great at blocking known viruses, but it can sometimes misfire, mistakenly flagging clean files as malicious. That sends a computer into a tailspin trying to clean up stuff that's supposed to be on there.

The problem can crash a computer, and fixing it can be a bear.

An example emerged this week when users of antivirus software made by Islandia, N.Y.-based CA Inc. watched as their machines warned of an infection and started quarantining files that turned out to be legitimate.

Lee Jay Mandell, a 60-year-old retired computer consultant and patent attorney from the Los Angeles area, said the problem popped up on his computer Wednesday night. He knew something was wrong because he recognized the types of files that were being quarantined were parts of Microsoft Corp.'s Windows operating system.

He drew on his technical experience to restore the machine, but says less adept users might stumble.

"I'm back, but it took me about six hours to get back," he said Friday.

Every antivirus company deals with false positives, and it's an embarrassment for companies whose job is to protect people's machines from sabotage. It happens because legitimate files sometimes have programming code or behaviors that are identical to those of viruses. The antivirus software spots files it believes are malicious and starts plucking them out.

The results can range from annoyance to outright meltdown of the machine if critical files are targeted. Last week some people using McAfee Inc.'s antivirus software said their computers crashed because of a false positive.

McAfee said the false positive only happened on older versions of its software that are no longer supported by the company. Newer versions won't have the problem.

CA apologized for the problem Mandell and others encountered and said its last major false positive was three years ago.

"Minor false positives happen periodically, but CA has historically maintained an industry low rate of false positives," the company said in a statement.

Cleaning up a false positive detection isn't always easy. The program might do it for you. But sometimes a user might need to go into the list of quarantined files and manually rename them, or call the company to request software to do the task automatically.

CA emphasized that the files that its software wrongly spotted as viruses this week were quarantined or renamed, not deleted, and "are recoverable."

The lesson: Pay close attention to your computer if it's telling you it's found a virus and is cleaning it up. You might need to call your antivirus vendor's customer support to help you make sure your machine is totally clean — or to help you recover files if the cleanup was a false alarm.

Quote of the day

2009-07-11T19:28:00.000+05:30

Quote of the day

Patriotism is your conviction that this country is superior to all others because you were born in it.

George Bernard Shaw

New IT Term of the day

2009-07-11T19:26:00.000+05:30

New IT Term of the day

lock-in

The phrase used to describe a Web page that disables the browser's back button and prevents the user from leaving the page via the back button. The lock-in practice was originally used by pornography Web sites, however, more mainstream Web sites also use lock-in to keep readers on the Web site once it has loaded. Also a form of mousetrapping.

BUG : Flaw Opens ATMs to Hackers

2009-07-11T19:25:00.000+05:30

BUG : Flaw Opens ATMs to Hackers

A conference presentation would have exposed flaws in some cash machines.

By Robert Lemos

July 08, 2009

http://www.technologyreview.com/computing/22966/

Barnaby Jack, a security researcher at the computer networking giant Juniper, had planned to hack into an automatic teller machine (ATM) live onstage at the Black Hat Security Conference in Las Vegas later this month. But his presentation, designed to demonstrate the insecurity of various ATMs, attracted the attention of the financial industry as well as security professionals, and under pressure from ATM manufacturers, Juniper canceled the presentation last week, citing concerns that the vulnerabilities involved had still not been fixed.

"The vulnerability Barnaby was to discuss has far reaching consequences, not only to the affected ATM vendor, but to other ATM vendors and--ultimately--the public," wrote Brendan Lewis, director of corporate social media relations for Juniper in a statement posted to the company's official blog last week. "To publicly disclose the research findings before the affected vendor could properly mitigate the exposure would have potentially placed their customers at risk. That is something we don't want to see happen."

The presentation would have focused on exploiting vulnerabilities in devices running the Windows CE operating system, including some ATMs, according to a source familiar with the details. While the presentation was canceled to allow manufacturers more time to fix the vulnerabilities, Juniper had originally notified the company almost eight months ago, says the source, who asked not to be named.

Other security experts are not surprised that the vulnerabilities are there to find. Significant flaws in cash machines and ATM networks are plentiful, says Nicholas Percoco, senior vice president of TrustWave, an information security and compliance firm that has assessed the security of point-of-sale terminals, kiosks, and ATM networks. "It is very, very rare that a device comes to our labs--in fact, I don't think that it has happened--that we don't find a vulnerability," Percoco says.

DOS ATTACK : Cyber Attack Knocks US Govt Websites Offline

2009-07-11T19:24:00.000+05:30

DOS ATTACK : Cyber Attack Knocks US Govt Websites Offline

By David Hamilton

WEB HOST INDUSTRY REVIEW

July 08, 2009

http://www.thewhir.com/web-hosting-news/070809_Federal_Websites_Knocked_Out_by_Cyber_Attack

The websites for several US government agencies, including some that patrol cyber crime, have been under attack since July 4, as a denial of service attack made many of these sites slow or accessible for as many as three days, signifying an unusually lengthy and sophisticated DoS attack.

The Treasury Department, Secret Service, Federal Trade Commission and Transportation Department websites were down at various periods beginning on the holiday weekend, according to the Associated Press, which spoke to officials inside and outside the government, who also noted that some sites were still experiencing problems as recently as Tuesday evening.

Not confined to government agencies, the DoS attack affected other Washington DC targets: The Washington Post (www.washingtonpost.com) and its Security Fix blog Security Fix blogger Brian Krebs said The Post had been under attack by roughly 60,000 compromised PCs from around the world, running malicious software that orders them to visit targeted websites over and over, rendering them unreachable to legitimate visitors.

SecureWorks malware research director Joe Stewart told Security Fix said the attack is hitting various sites in the US and South Korea simultaneously. The mysterious attack contained few clues of its origins, except for a cryptic line of text buried in the malware, which reads "get/china/dns."

While there has been no official statement from a name government official, security and monitoring companies have commented on the severity of the attack. Keynote Systems Internet technologies director Ben Rushlo told the Associated Press that the Transportation Department site was completely offline for two days, and the FTC site, which started to come back online late Sunday, was still inaccessible 70 percent of the time on Tuesday.

"This is very strange. You don't see this," he told the Associated Press. "Having something 100 percent down for a 24-hour-plus period is a pretty significant event... The fact that it lasted for so long and that it was so significant in its ability to bring the site down says something about the site's ability to fend off (an attack) or about the severity of the attack."

ATTACK : Cyber Attack Continue on South Korea

2009-07-11T19:23:00.000+05:30

ATTACK : Cyber Attack Continue on South Korea

South Korea on high alert for more cyber attacks amid suspicions of North Korea involvement

By Hyung-jin Kim

July 9, 2009

http://blog.taragana.com/n/south-korea-on-high-alert-for-more-cyber-attacks-amid-suspicions-of-north-korea-involvement-103913/

SEOUL, South Korea — Seoul was on high alert Thursday for more cyber attacks amid suspicions that North Korea was behind a recent wave of Web site outages in South Korea and the United States. The South warned that computer networks of key infrastructure could be targeted.

The National Intelligence Service said in a statement it was strengthening cyber security measures for government computer networks, citing a possible new wave of attacks that could target national infrastructure operators like energy, telecommunications and media companies.

Earlier Thursday, the country’s leading computer security company also warned another wave of attacks was expected in South Korea later in the day. There was no word on whether U.S. sites would be hit again.

Seoul-based antivirus software developer AhnLab said it has analyzed a virus program that sent a flood of Internet traffic to paralyze Web sites in both South Korea and the United States. It said seven South Korean sites were likely to be targeted on Thursday.

Twelve South Korean sites were initially attacked Tuesday, followed by strikes Wednesday on 10 others, including government offices. The U.S. targets included the White House, Pentagon, Treasury Department and the Nasdaq stock exchange.

Some South Korean sites remained inaccessible or unstable on Thursday, including the National Cyber Security Center, affiliated with the main spy agency. No major disruptions, however, were reported.

The NIS informed members of parliament’s intelligence committee Wednesday that it believes North Korea or pro-Pyongyang forces were behind the cyber attacks, a lawmaker said.

On Thursday, Rep. Park Young-sun, a member of the committee, said a senior intelligence official told her the NIS suspects the North because the country warned it won’t tolerate what it claimed were South Korean moves to participate in a U.S.-led cyber warfare exercise, according to a statement from the opposition Democratic Party.

Park also told a party meeting that the NIS official cited the fact that most of the attacked sites were those of conservative organizations that have pushed the government to take a harder line on North Korea. Among the sites targeted were those of the presidential Blue House and the ruling Grand National Party.

Park said the NIS official told her the spy agency only gave the committee members the information in the form of a progress report, suggesting no conclusions had been made. Park didn’t identify the official.

The spy agency said it could not immediately confirm Park’s remarks.

The agency’s statement Thursday didn’t mention suspected North Korean involvement and only repeated it was closely cooperating with the U.S. and other countries to discover the origin of the attacks. On Wednesday it said the sophistication of the attacks suggested they were carried out at a higher level than rogue or individual hackers.

U.S. authorities also eyed North Korea as the origin of the trouble, though they warned it would be difficult to identify the attackers quickly.

Three U.S. officials said while Internet addresses have been traced to North Korea, that does not necessarily mean the attack involved Kim Jong Il’s government in Pyongyang. They spoke on condition of anonymity because they were not authorized to speak publicly on the matter.

On Thursday, the Dong-a Ilbo newspaper reported that South Korea has detected signs that North Korea or its sympathizers in China or elsewhere committed the cyber attacks.

The paper, citing an unidentified government official, said the assessment was made after an investigation of infected computers’ IP addresses — the Internet equivalent of a street address or phone number.

South Korean media reported in May that North Korea was running a cyber warfare unit that tries to hack into U.S. and South Korean military networks to gather confidential information and disrupt service.

The communist North has recently engaged in a series of threats and provocative actions widely condemned by the international community, including a nuclear test and missile launches.

The cyber outages were caused by so-called denial of service attacks in which floods of computers all try to connect to a single site at the same time, overwhelming the server that handles the traffic, the state-run Korea Information Security Agency said.

Ku Kyo-young from the state-run Korea Communications Commission said about 20,000 computers in South Korea had been infected by Wednesday evening and the number could have increased.

There were no immediate reports of financial damage or leaking of confidential national information, according to the Korea Information Security Agency. The attacks appeared aimed only at paralyzing Web sites.

KEY : Education is the Key to IT Security

2009-07-11T19:14:00.000+05:30

KEY : Education is the Key to IT Security

FBI wants more online security education and skepticism

Symantec-hosted panel discussion reveals hacker profiles are hard to define, which is why security should be top-of-mind

By Maxine Cheung

9 July 2009

http://www.itbusiness.ca/it/client/en/home/News.asp?id=53818

NEW YORK - According to two U.S. government officials, Internet crime rates will continue to increase because end-users and enterprises lack awareness and education about the current online threat landscape.

During a Symantec hosted security panel held here Tuesday, Michael Stawasz, senior counsel for the computer crime and intellectual property section at the U.S. Department of Justice, based in Washington and Austin Berglas, supervisory special agent for the cyber crime unit at the FBI's New York office, spoke about today's cyber crime landscape and gave their advice on how users and organizations can prevent it.

With the Internet and online services being so widely accessed and available, online threats and vulnerabilities are becoming more common, said Stawasz.

“At the U.S. Department of Justice, getting our best practices out to scale for the amount of crimes that are being committed will be the biggest challenge for us at this point," Stawasz said. “Just having one or two people trained isn't enough for the whole country because you need to get more people trained.”

Berglas said that the individuals who are most vulnerable to cyber crime attacks are those who do not properly protect themselves and their computers.

While the motive behind many online attacks is for financial gain, Stawasz said there are people who commit these crimes for other reasons, such as for power and just for fun too.

Berglas agreed and gave the example of a 12-year-old kid who was redirecting traffic from a law firm's Web site to a site he had made, just for fun.

“You don't have to be that technically sophisticated to commit a cyber crime now,” he said. “You don't have to be a computer genius to partner with other criminals, or to purchase what you need to commit these crimes.”

In fact, both Berglas and Stawasz said it's difficult to define what a computer hacker or cyber criminal actually looks like, simply because the people who are doing it are so varied. Based on what he's seen, Stawasz said it's fair to say there are more male cyber criminals than there are women. Not only are juveniles committing these crimes, but adults and older adults are too, he added.

To better protect yourself from being the victim of an attack, Berglas says it's critical that users educate themselves about the threats and issues that are out in the online world today.

“People have to be careful with any personal information and documents they have on the computer,” Berglas said. “You have to be careful and users should ask themselves if they really want to click on the link from an e-mail user they don't know. Companies should be educating their customers the same way because the absolute vulnerability in this day and age is the uneducated consumer.”

Having security and anti-virus software will help any consumer and business; however Berglas says having just this, is simply not enough. Computers should also be kept up to date with security updates and users should guard their user id and passwords, he added.

It's as the popular saying goes, “If something doesn't look right, it probably isn't,” Berglas said.

Quote of the day

2009-07-08T22:23:00.000+05:30

Quote of the day

When it rains all birds occupy shelter, but EAGLE is the bird that avoids the rain by flying above the cloud.

Problems are common to all but ATTITUDE makes the difference.

New IT Term of the day

2009-07-08T22:20:00.001+05:30

New IT Term of the day

Ksplice

An extension of the Linux kernel that is used for rebootless updates. Security and source code patches are applied without needing to reboot the operating system. Ksplice is developed by Massachusetts-based company, Ksplice Inc.

BLOCKED : Internet, Twitter blocked in China city after ethnic riot

2009-07-08T22:16:00.001+05:30

BLOCKED : Internet, Twitter blocked in China city after ethnic riot

The moves added to China's long-standing efforts to control online speech

By Owen Fletcher and Dan Nystedt

IDG News Service

07/06/2009

http://www.networkworld.com/news/2009/070609-internet-twitter-blocked-in-china.html?source=NWWNLE_nlt_daily_pm_2009-07-06

China appeared to block Twitter across the country and Internet access in a western province on Monday, after ethnic riots killed at least 140 people in the remote region.

The moves were an apparent bid to stanch the flow of information out of Xinjiang province and to prevent further rioting there. Over 800 other people were injured and the official death toll is likely to rise, the state-run Xinhua news agency said.

10 ways the Chinese Internet is different from yours

The government actions added to long-standing efforts to control online discussion of sensitive topics, especially at times of crisis.

"They cut off the Internet to shut down communications," said Wu'er Kaixi, an ethnic Uighur who fled China after helping lead pro-democracy protests there twenty years ago. The Uighurs are a minority concentrated in Xinjiang province that China has struggled to assimilate.

LAW : Kerala preparing new law to tackle cyber crimes

2009-07-08T22:14:00.000+05:30

LAW : Kerala preparing new law to tackle cyber crimes

Jul 6, 2009

IANS

http://in.news.yahoo.com/43/20090706/860/ttc-kerala-preparing-new-law-to-tackle-c.html

Thiruvananthapuram, July 6 (IANS) Kerala Home Minister Kodiyeri Balakrishnan Monday told the state assembly that a comprehensive law is being prepared to tackle the increasing number of cyber crimes being reported in the state.

'We are working with the legal department to see that a comprehensive law is worked out. The current IT Act does not have enough teeth because it was formed a few years back, and since then the world of technology has changed dramatically. So that has to be amended,' Balakrishnan said.

Replying to a calling attention motion moved by Congress leader Thiruvanchoor Radhakrishnan, the minister said a full-fledged cyber police station has already started functioning here as the first step to tackle the menace.

Moving the motion, Radhakrishnan stressed that the use of mobile phones in educational institutions should be banned as it would go a long way in checking cyber crime.

'The mobile and the Internet have now been identified as root causes of cyber crimes and most of the victims are women and girls. A cyber fraud information centre has to be opened,' said Radhakrishnan.

Balakrishnan said: 'We have already started to computerise all police stations and also train police officials on the ways to conduct investigation into cyber frauds with the help of C-DAC (Centre for Development of Advanced Computing).'

RISK : No business is immune to cyber crime

2009-07-08T22:12:00.000+05:30

RISK : No business is immune to cyber crime

Cyber getting crime worse

7th July 2009

http://www.thedaily.com.au/news/2009/jul/07/aap-cyber-crime-getting-worse-forum/

An international forum has heard no business is immune to cyber crime and it is only going to get worse.

About 100 experts from around the world are gathering in Brisbane on Tuesday for a high-tech crime symposium.

Queensland Police Commissioner Bob Atkinson said fraud and corporate crime using the internet was getting worse.

"Cyber crime is a global phenomenon that can be expected to continue to rise exponentially around the world as the internet continues its roll out," Mr Atkinson told a press conference.

"It is for this reason significant effort has been made to bring together an ensemble of national and international speakers and presenters together to gain a broader appreciation of a unique crime environment.

"No one nor any business is immune. If you own a computer or a phone you fall within the potential victim network."

Mr Atkinson said scams were becoming more sophisticated, using not only email and the web but mobile phone text messages.

"We see victims suffer not only embarrassment and humiliation but many victims are losing their home and life savings - everything," Mr Atkinson said.

"Additionally, we see that corporate entities are becoming more often the individual focus of highly skilled hackers and cyber criminals."

The conference has been organised for experts to share strategies and initiatives to crack down on net crime.

HACKED : South Korea govt websites hacked

2009-07-08T22:04:00.000+05:30

HACKED : South Korea govt websites hacked

Reuters / NZPA

July 08, 2009

http://tvnz.co.nz/technology-news/south-korea-govt-websites-hacked-2835123

South Korean authorities issued a cyber security warning after the websites of several major government agencies and financial institutions were disabled by apparent hacker attacks.

The websites of the presidential office, Defence Ministry, and the National Assembly were saturated with access requests generated by malicious software on Tuesday, crippling server response to legitimate traffic, South Korea's Communications Commission said in a statement.

"The attacks consisted of massive harmful traffic to specific sites causing access slowdown or disablement, and some national institutions, banks and media sites have been targeted," it said.

Some government websites and online shopping services remained down on Wednesday and access to some US government sites from the country appeared to have been disabled.

The commission is working to block the spread of malicious software suspected of causing the attack and has advised users to keep security patches and anti-virus programmes up to date.

Police and prosecutors have begun an investigation into the incidents, South Korea's Yonhap news agency said.

News of the attack caused shares of some online security firms to jump on Wednesday morning, with Ahnlab Inc up by the market's 15% daily limit and ESTsoft Corp climbing 5.31% against the junior Kosdaq market 0.36% slide.

A similar attack on major websites in Estonia two years ago prompted the NATO military alliance to review its response against possible cyber-warfare.

Quote of the day

2009-07-07T07:25:00.000+05:30

Quote of the day

Perhaps the most obvious political effect of controlled news is the advantage it gives powerful people in getting their issues on the political agenda and defining those issues in ways likely to influence their resolution.

W. Lance Bennett

Author, professor at University of Washington

Source: News: The Politics of Illusion, 1983

LSE to abandon failed Windows platform

2009-07-07T07:23:00.000+05:30

ABANDONED : LSE to abandon failed Windows platform

By Steven J. Vaughan-Nichols

Jul 1 2009

http://blogs.computerworld.com/london_stock_exchange_to_abandon_failed_windows_platform

Anyone who was ever fool enough to believe that Microsoft software was good enough to be used for a mission-critical operation had their face slapped this September when the LSE (London Stock Exchange)'s Windows-based TradElect system brought the market to a standstill for almost an entire day. While the LSE denied that the collapse was TradElect's fault, they also refused to explain what the problem really wa. Sources at the LSE tell me to this day that the problem was with TradElect.

Since then, the CEO that brought TradElect to the LSE, Clara Furse, has left without saying why she was leaving. Sources in the City-London's equivalent of New York City's Wall Street--tell me that TradElect's failure was the final straw for her tenure. The new CEO, Xavier Rolet, is reported to have immediately decided to put an end to TradElect.

TradElect runs on HP ProLiant servers running, in turn, Windows Server 2003. The TradElect software itself is a custom blend of C# and .NET programs, which was created by Microsoft and Accenture, the global consulting firm. On the back-end, it relied on Microsoft SQL Server 2000. Its goal was to maintain sub-ten millisecond response times, real-time system speeds, for stock trades.

It never, ever came close to achieving these performance goals. Worse still, the LSE's competition, such as its main rival Chi-X with its MarketPrizm trading platform software, was able to deliver that level of performance and in general it was running rings about TradElect. Three guesses what MarketPrizm runs on and the first two don't count. The answer is Linux.

It's not often that you see a major company dump its infrastructure software the way the LSE is about to do. But, then, it's not often you see enterprise software fail quite so badly and publicly as was the case with the LSE. I can only wonder how many other Windows enterprise software failures are kept hidden away within IT departments by companies unwilling to reveal just how foolish their decisions to rely on archaic, cranky Windows software solutions have proven to be.

I'm sure the LSE management couldn't tell Linux from Windows without a techie at hand. They can tell, however, when their business comes to a complete stop in front of the entire world.

So, might I suggest to the LSE that they consider Linux as the foundation for their next stock software infrastructure? After all, besides working well for Chi-X, Linux seems to be doing quite nicely for the CME (Chicago Mercantile Exchange), the NYSE (New York Stock Exchange), etc., etc.

Kill threat scam hits Australian mobile phones

2009-07-07T07:21:00.000+05:30

NEW TECHNIQUE : Kill threat scam hits Australian mobile phones

The Sunday Mail

July 05, 2009

http://www.news.com.au/couriermail/story/0,20797,25733434-8362,00.html?from=public_rss

AN SMS scam with a deadly twist is doing the rounds of Australian phones.

The text tells phone users: "I am about to kill you, if you want to live contact (hbko@ pobox.sk) to get information on what you will have to do to live. If you ignore this message, you will die."

Users who send a message to the email listed in the SMS receive a reply asking them for $A10,000.

It is believed the scam focuses Optus users in particular, but Vodafone customers have also reported receiving the threats.

The SMS is sent from the telephone number 856 207 580 237 and victims have reported multiple calls.

A Queensland Police Service spokeswoman said police were aware of the SMS and urged phone users who receive it to delete it immediately.

She urged anyone concerned by the SMS to contact their local police station.

Billions stolen in online robbery

2009-07-07T07:20:00.000+05:30

VIRTUAL THEFT : Billions stolen in online robbery

Space trading game Eve Online has suffered a virtual version of the credit crunch.

BBC NEWS

2009/07/03

http://news.bbc.co.uk/go/pr/fr/-/2/hi/technology/8132547.stm

One of the game's biggest financial institutions lost a significant chunk of its deposits as a huge theft started a run on the bank.

One of the bank's controllers stole about 200bn kredits and swapped them for real world cash of £3,115.

As news of the theft spread, many of the bank's customers rushed to remove their virtual cash.

Space scandal

The theft from EBank took place in early June but only now have details emerged about the amount of money stolen and why it was taken.

The theft was carried out by EBank's chief executive, a player known as Ricdic, now known to be a 27-year-old Australian who works in the technology industry. His full identity has not been revealed save that his first name is Richard.

The stolen kredits amounted to 8% of the 2.6tn that Ebank had in its virtual vaults.

"Basically this character was one of the people who had been running EBank for a while. He took a bunch of (virtual) money out of the bank, and traded it away for real money," Ned Coker, of Icelandic company CCP which runs Eve, told the Reuters news agency.

Eve Online has about 300,000 players all of whom inhabit the same online universe. The game revolves around trade, mining asteroids and the efforts of different player-controlled corporations to take control of swathes of virtual space.

It has now emerged that Ricdic used the cash to put down a deposit on a house and to pay medical bills.

"I'm not proud of it at all, that's why I didn't brag about it," Ricdic told Reuters. "But you know, if I had to do it again, I probably would've chosen the same path based on the same situation."

Ricdic has now been thrown out of the game as trading in-game cash for real money is against Eve Online's terms and conditions.

The rules governing play within Eve would not have sanctioned Ricdic if he had simply stolen the cash and used it in the game, nor if he had bought kredits with real dollars.

The scandal is not the first to play out in Eve Online. In early 2009 one of the game's biggest corporations, called Band of Brothers, was brought down by industrial espionage.

Indian Orkut Accounts Compromised For Phishing

2009-07-07T07:18:00.000+05:30

BEWARE : Indian Orkut Accounts Compromised For Phishing

SPAMfighter News

03-07-2009

http://www.spamfighter.com/News-12663-Indi...or-Phishing.htm

According to McAfee Avert Labs, as Web 2.0-based social networking sites such as Facebook and MySpace increase in popularity, their users too are increasingly proving as convenient attack points for identity scams and other online frauds. Recently, hackers, online scammers and other cyber-criminals have been using Twitter as well to phish off private data from Web surfers.

Aside these websites, another social networking site that cyber-criminals prefer to use is Orkut, which probably represents the most widely visited and popular social networking site across the Indian sub-continent. As a matter of fact, reports state that over 15% of Orkut traffic flows from India.

Consequently, phishers have devised a stylish approach i.e. in light of a huge population of Indian users favoring Orkut but being insufficiently tech-savvy, phishers and other online scammers have secured control over their accounts through the act of hijacking the Orkut networking accounts of these India-based users.

Seemingly, phishers have modified these accounts' user profiles, connecting them to their different fraudulent (phishing) websites that entice users into revealing their private details.

For instance, these phishing sites could pretend to be Orkut in its adult version. Meanwhile, it is reported that the fake Orkut website on sex-related content named "Orkut Sex" has met with ongoing success in enticing numerous Orkut members into feeding personal user identifications into the bogus site. Accordingly, when these identification details come into the hands of scammers, the latter use them to harvest other private details of the users and subsequently make illegal money transfers.

McAfee Avert Labs, meanwhile, has observed an array of phishing sites related to Orkut namely http://orkutst[blocked].tk, http://orkutsexlogi[blocked].tk, http://priya[blocked].freehostia.com, http://s3x[blocked].kilu.de and http://album[blocked].kilu.de.

Thus, security experts at McAfee once again repeat for end-users that they mustn't disclose their monetary or any other personal information online, especially on websites such as Orkut. They also reiterate that users must ensure for all protective measures, in place, on their computers, while avoiding all forms of phishing sites.

Moreover, users on Orkut, MySpace, Facebook and other social networking sites must make themselves aware of the botherations they might encounter if a malicious spam or phishing attack chases them.

Quote of the day

2009-07-04T22:39:00.000+05:30

Quote of the day

Yesterday is a canceled check: Forget it. Tomorrow is a promissory note: Don't count on it. Today is ready cash: Use it!

Edwin C. Bliss

(Author)

New IT Term of the day

2009-07-04T22:38:00.000+05:30

New IT Term of the day

Covert environment

In biometrics terminology, covert or covert environment refers to a biometric sample collection location where individuals in the location are not aware that the sample is being taken. One common covert environment is airport checkpoint security where cameras capture images of travelers that are compared to images on a security watch-list. The image capture and comparison is performed without the traveler's knowledge.

RECORD : 90 data breaches in 2008

2009-07-04T22:36:00.001+05:30

RECORD : 90 data breaches in 2008

By Linda Musthaler,

Network World,

June 26, 2009

http://www.networkworld.com/newsletters/techexec/2009/062909bestpractices.html

Data breaches continue to plague organizations in virtually every industry. In some breaches, the root cause is fairly obvious -- a lost or stolen laptop or USB stick, for instance. In other cases, it takes a forensic investigation to piece together the details of what happened and how.

The Verizon Business RISK Team is a world-renowned data forensics organization that investigates all sorts of suspected breaches. Since 2004, this team has worked on more than 600 cases. Fortunately for us, the team is willing to share its collective knowledge and provide an analysis of the trends in breaches, including how they happen and what the root causes and contributing factors are.

10 woeful takes of data gone missing

I featured some of their analysis in my February article, "Don't Be a Data Loss Victim". Since then, the RISK Team has published its latest report, the 2009 Data Breach Investigations Report (DBIR). This is a good read for any organization that is trying to plan where and how to allocate scarce resources. For example, the prevailing wisdom says that company insiders are a major threat for accidentally exposing data or intentionally stealing it. In the experience of the Verizon team -- and mind you, the team's universe is not all breaches, but only the ones its members investigate -- the insider threat is much less significant than those threats that come from outside the company. Knowing this, an organization can plan its defenses accordingly.

The 2009 report focuses on the more than 90 confirmed breaches the team investigated in 2008. The number of sensitive data records exposed through these breaches totals more than 285 million. That's more records exposed in one year than the sum of all the records exposed in the four previous years.

Here are some notable statistics from the 2009 report:

74% of the breaches resulted from external sources. This percentage is just about unchanged from previous years.

91% of all compromised records were linked to organized criminal groups. It's no surprise such groups are after data they can monetize quickly, such as credit card data and financial records.

67% of the breaches were aided by significant errors, such as not applying a patch for a known vulnerability. This statistic is unchanged since previous years, meaning we haven't learned yet how important it is to watch out for the simple things that are in our control.

38% of the 2008 attacks utilized malware to plant the means to steal data. This is trending upward as malware is now an essential component to nearly all large-scale breaches. As the report says, "Hacking gets the criminal in the door, but malware gets him the data."

Network managers can take solace in one bit of information from Verizon's report: a small percentage of 2008 hacks targeted routers, switches and other network devices. What's more, wireless networks are actually a rare attack vector for recent data breaches. (Perhaps network managers learned from the atrocious TJX Companies breach in 2007 in which 94 million accounts were compromised. Hackers utilized outdated wireless network security in retail stores to gain access to unencrypted payment card data.)

Another interesting take-away is the analysis of what types of information assets are often compromised. In the scope of the Verizon investigations, 94% of the breaches (and 99.9% of the pilfered records) are attributed to online assets, including servers and applications. This is significant because many companies fret about data on user systems, in offline storage and in transit across networks and devices. Verizon reports that 17% of the breaches involving only .01% of the data occurred with user systems; 2% of the breaches impacting .04% of the data involved offline data; and no breaches occurred with networks and devices. Bottom line: focus on protecting data on servers and applications.

Understandably, no organization has unlimited resources for data protection, and therefore risk mitigation efforts must be focused. Based on the observations made over five years and across 600 investigations, the Verizon Business RISK Team provides five recommendations for major activities that can greatly help reduce the risk of a data breach:

Ensure that essential controls are met.

Find, track and assess data.

Collect and monitor event logs.

Audit user accounts and credentials.

Test and review Web applications.

You can read the entire 2009 Data Breach Investigations Report at http://www.verizonbusiness.com/resources/security/reports/2009_databreach_rp.pdf.

GROWTH : Cyber crime cases rise 230 times in 5 years in Pune

2009-07-04T22:33:00.000+05:30

GROWTH : Cyber crime cases rise 230 times in 5 years in Pune

01 July 2009

http://punekar.in/site/2009/07/01/cyber-crime-cases-are-on-the-rise-in-pune/

http://www.indianexpress.com/news/from-9-to-2-000-cyber-crime-rises/483332/

The number of people coming forward with cyber crime complaints is on a significant rise. “In a year after the cyber cell of Pune police was started in July 2003 we had received only nine complaints of cyber crime. There is a manifold rise as in the year 2008, we have received 2007 cyber crime complaints,” said Deputy Commissioner of Police (cyber cell) Rajendra Dahale, during the opening ceremony of ‘Cop Tech”‘forum at Pune police commissionerate on Tuesday.

The “Cop Tech” forum is an initiative of Pune police, NASSCOM and Data Security Council of India (DSCI) to increase sharing of ideas and knowledge on cyber security, for making Pune a cyber safe city. Making a mention of the cyber crime cases like derogatory content about Chattrapati Shivaji Maharaj on orkut and film star Amol Palekar’s credit card case, Dahale said that, “Pune police is doing good in tackling cyber crimes. We have trained many policemen at the cyber lab at Shivajinagar police headquarters. Through “Cop Tech” forum, we expect the IT industry and Pune police will share more knowledge and ideas on cyber safety. Members of ‘Cop Tech’ forum and police would be holding quarterly meeting for the purpose.”

Police commissioner Satyapal Singh then signed a memorandum of understanding (MoU) with NASSCOM, while launching the “Cop Tech” forum.

Pratap Reddy, an IPS officer who an advisor (cyber security) to NASSCOM said that this was the first MoU of its kind in the country. “Partnership between the police and industry is appreciated,” Reddy said. While Singh said that police would like to learn fast and more from on cyber security through the “Cop Tech” forum. Singh suggested that meetings of ‘Cop Tech’ forum members and police should be held every month. “Making the society cyber safe is a challenge. We would like to learn more on cyber safety. There is no time to waste,” Singh said. Rajiv Vaishnav, vice president of NASSCOM and Anand Deshpande, founder and managing director of Persistent Systems Ltd also spoke.

GUILTY : 'Hacker's hacker' from San Francisco pleads guilty in $86 million fraud

2009-07-04T22:30:00.000+05:30

GUILTY : 'Hacker's hacker' from San Francisco pleads guilty in $86 million fraud

By Jason Cato, TRIBUNE-REVIEW

June 30, 2009

http://www.pittsburghlive.com/x/pittsburghtrib/s_631630.html

A mild-mannered computer geek people once believed could do no wrong admitted Monday to stealing nearly 2 million credit card numbers, which he and others used to rack up more than $86 million in fraudulent charges.

Max Ray Vision, 36, of San Francisco pleaded guilty in U.S. District Court, Downtown, to two counts of wire fraud. He faces up to 60 years in prison when sentenced Oct. 20 by Senior U.S. District Judge Maurice Cohill.

"Max is kind of a hacker's hacker," said federal public defender Michael Novara, explaining that his client -- known by the Internet aliases "Iceman," "Aphex," "Darkest" and "Digits" -- hacked into computer systems not only of financial institutions and credit-card processing centers but also those of other hackers, to steal information they stole.

"He would do that for various reasons, but basically because he could," Novara said.

Vision changed his name from Max Ray Butler shortly before the Secret Service arrested him in September 2007 at his Bay Area safehouse. Inside, agents found computer equipment storing approximately five terabytes of encrypted data and 1.8 million stolen credit card accounts.

Visa, Mastercard, American Express and Discover lost about $86.4 million through charges on those accounts, Assistant U.S. Attorney Luke Dembosky said.

"These losses were borne by the thousands of banks that issued the cards in question," Dembosky said.

In the 1990s, Vision owned a consulting company that helped companies identify weaknesses in computer systems through "network intrusion detection."

Federal prosecutors in Northern California charged Vision in 2000 with computer crimes for hacking into Pentagon computer systems. He was sentenced to 18 months in prison. Court proceedings revealed that Vision worked as an FBI informant for years before his arrest.

"He's definitely the most interesting hacker case I've seen in over a decade," said Kevin Poulsen, a senior editor for Wired Magazine who attended yesterday's hearing and is writing a book about Vision. "It's pretty unusual for someone to be a good computer-security professional and a good computer criminal."

In 1994, Poulsen went to prison for hacking into a radio station and setting up a contest-rigging scheme. His 51-month prison sentence at the time was the longest ever for a hacking crime.

"I've been a hacker, I've known hackers, and I've written about hackers for a long time," Poulsen said. "(Vision) is definitely the most interesting story I've ever heard."

From 2005 until 2007, Vision and a partner in Los Angeles, Christopher Aragon, established CardersMarket.com as a way to acquire, sell and use stolen credit card and other identity-related information, a practice known as "carding," Dembosky said. The Web site at its peak had approximately 4,500 members worldwide.

It was one of five English-language sites at the time that facilitated computer crimes, Poulsen said. He said Vision hacked into the other four and took them over.

Two Secret Service informants helped bring down Vision's hacking empire, Dembosky said. One gained access to CardersMarket hierarchy after earning Vision's trust. The other purchased 103 stolen credit card numbers and related information. Under the sealed plea deal, three identity theft charges will be dropped.

Federal charges were filed against Vision in Virginia at the same time he was indicted in Pittsburgh, court records show.

Vision disagreed with some details the prosecutor outlined during yesterday's hearing, but agreed he did most of the actions alleged.

"This is me and what I did, in essence," Vision said.

Before his first arrest, people in the computer-security industry believed Vision was one of the good guys, or a white hat. Dragos Ruiu, owner of DragosTech.com in Edmonton, Canada, was a professional acquaintance of Vision.

"He was a real Dr. Jekyll-Mr. Hyde type," Ruiu said. "He was innocuous, and nobody would have pegged him for an underworld mob king."

This ranks as one of the all-time biggest computer hacking jobs, Ruiu said.

"He was really good at attacks," Ruiu said. "Now we know why."

HACKED : Indian Institute of Remote Sensing Website Hacked

2009-07-04T22:25:00.000+05:30

HACKED : Indian Institute of Remote Sensing Website Hacked

Malicious exploit-loading JavaScript code injected in its pages

By Lucian Constantin, Web News Editor

30 June 2009

http://news.softpedia.com/news/Indian-Inst...ed-115437.shtml

Security researchers from web security vendor Finjan report that the website of India's Institute of Remote Sensing has been compromised by hackers. An injected IFrame loads exploits from the LuckySploit attack toolkit against visitors.

"Last week, we detected that another website from the Government of India 'iirs-nrsa.gov.in' was compromised by cybercriminals who use it as a malicious code distribution channel," the Finjan malware analysts announce.

The pages of the website have been infected with obfuscated JavaScript that inserts a rogue IFrame. The IFrame is subsequently used to load malicious code from a third-party server and attempts to exploit the website's visitors. "The IFrame created by this script points to malicious content hosted on server in Texas armed with the LuckySploit attack toolkit," the researchers explain.

LuckySploit uses a collection of exploits for vulnerabilities in the operating system, browsers or other popular software such as Adobe Flash and Adobe Reader. After obtaining access to the server, the analysts looked at the referrer statistics from the LuckySploit administration panel. According to these, iirs-nrsa.gov.in had 500 hits from 157 unique users since it was compromised. Despite these relatively low numbers, the successful infection rate is pretty high, situated at 17,8% (28 users).

What's even more worrying is the total number of successful infections (11,798) on all the websites compromised by this group of hackers. The Finjan security researchers warn that, "The exploit page was detected by only 4 out of 40 AV engines at Virus Total."

Last month, the security vendor reported a similar infection, using the Fiesta attack toolkit, on another Indian government website, belonging to the Union Public Service Commission. "We notified CERT India about this issue; trusting that the problem will be fixed soon," the company noted, regarding this latest incident.

Back in January, we reported that the website belonging to the Indian Embassy in Spain had been compromised in a similar way, while later, in February, India's Ministry of External Affairs was confronted with a serious security breach after spyware was found on its network.

Quote of the day

2009-02-14T08:09:00.002+05:30

Quote of the day

"Come to the edge."
"We can't. We're afraid."
"Come to the edge."
"We can't. We will fall!"
"Come to the edge."
And they came.
And he pushed them.
And they flew.

Guillaume Apollinaire

1880-1918

New IT Term of the day

2009-02-14T08:09:00.001+05:30

New IT Term of the day

verification

In a biometric security system, the process of comparing a biometric sample against a single reference template of a specific user in order to confirm the identity of the person trying to gain access to a system.

NSA offering 'billions' for Skype eavesdrop solution

2009-02-14T08:08:00.002+05:30

VALUE : NSA offering 'billions' for Skype eavesdrop solution

Business model for P2P firm at last?

By Lewis Page

12th February 2009

http://www.theregister.co.uk/2009/02/12/nsa_offers_billions_for_skype_pwnage/

Counter Terror Expo News of a possible viable business model for P2P VoIP network Skype emerged today, at the Counter Terror Expo in London. An industry source disclosed that America's supersecret National Security Agency (NSA) is offering "billions" to any firm which can offer reliable eavesdropping on Skype IM and voice traffic.

The spybiz exec, who preferred to remain anonymous, confirmed that Skype continues to be a major problem for government listening agencies, spooks and police. This was already thought to be the case, following requests from German authorities for special intercept/bugging powers to help them deal with Skype-loving malefactors. Britain's GCHQ has also stated that it has severe problems intercepting VoIP and internet communication in general.

Skype in particular is a serious problem for spooks and cops. Being P2P, the network can't be accessed by the company providing it and the authorities can't gain access by that route. The company won't disclose details of its encryption, either, and isn't required to as it is Europe based. This lack of openness prompts many security pros to rubbish Skype on "security through obscurity" grounds: but nonetheless it remains a popular choice with those who think they might find themselves under surveillance. Rumour suggests that America's NSA may be able to break Skype encryption - assuming they have access to a given call or message - but nobody else.

The NSA may be able to do that: but it seems that if so, this uses up too much of the agency's resources at present.

"They are saying to the industry, you get us into Skype and we will make you a very rich company," said the industry source, adding that the obscure encryption used by the P2Pware is believed to change frequently as part of software updates.

The spyware kingpin suggested that Skype is deliberately seeking to frustrate national listening agencies, which seems an odd thing to do - Skype has difficulties enough getting revenues out of its vast user base at any time, and a paid secure-voice system for subversives doesn't seem like a money-spinner.

But corporate parent eBay, having had to write down $1.4bn already following its $2.6bn purchase of Skype back in the bubble-2.0 days of 2005, might see an opportunity here. A billion or two from the NSA for a backdoor into Skype might make the acquisition seem like a sensible idea.

We asked the NSA for comment, particularly on the idea of simply buying a way into Skype, but hadn't yet received a response as of publication.

Korean Bank Hacked

2009-02-14T08:08:00.001+05:30

HACK : Korean Bank Hacked

Why Was Hana Vulnerable to Hacking?

By Kim Tong-hyung

Staff Reporter

02-11-2009

http://www.koreatimes.co.kr/www/news/tech/2009/02/133_39347.html

Security loopholes at online banking sites are leaving customers' accounts vulnerable to electronic heists, experts said.

The criticism comes after a 38-year-old woman had 21 million won (about $15,000) stolen from her Hana Bank account by what the police believes was an international gang of hackers who breached her computer.

The incident serves as the most recent indication that assessing the safety of one's bank accounts online has become difficult, security officials say, with the advancement in spy software and other computer technology posing further threats.

Hackers in the most recent attack had no trouble in beating the dual protection system of public key cryptography and individual code numbering, which banks entirely rely on to protect transmissions on the Internet.

``Local banks spent heavily to increase the protection of their computer networks in the past, and the level of security for their servers and storage databases is actually impressive,'' said an official from AhnLab, a security software developer.

``The problem is that hackers usually target the computers of customers, not banks, and the level of awareness on the users' side is still quite low,'' he said.

According to investigators at Seoul's Gangnam Police Station, the hackers breached the online account of the victim, identified only as Seok, on Jan. 5, and moved money from the account three times, 7 million won at a time, despite Seok having been tipped off by Kookmin Bank earlier that day that her online bank account had been accessed by a user from a suspicious Internet protocol (IP) address based in China that had been used in another hacking attempt in August last year.

Seok immediately received a new public key and code card from the bank and changed her personal access code. However, her Hana Bank account, which used the same public key for verification, was invaded just three hours later.

``There has been no trace of the hackers attempt to use Seok's old public key to breach the Hana Bank account, and it is clear that the suspects had immediate access to her new public key, code card and personal access codes,'' said Ryu Gyeong-ha, an official from the police station's cyber crimes unit.

The police believe that the hackers installed spy software in Seok's computer, probably through e-mail, enabling them to record her personal information and passwords and capture her keystrokes through ``key-logger'' programs.

However, investigators have yet to confirm their suspicions, as Seok has thus far refused to have her computer seized and inspected, police officials said.

``The hackers didn't need to copy the new public key when they had Seok's personal information, which allowed them to log into the account legitimately. They had an eye on her every minute,'' Ryu said.

It's debatable how much of the blame should be placed on Hana Bank for its failure to protect Seok's account from hackers. The recent incident exposed the banks as being ill-prepared to protect online bank accounts, according to security consultants, and Hana Bank should be held accountable for its failure to provide better security solutions to individual users, such as improved programs to prevent key-logging.

Some question whether the hackers had successfully breached Hana Bank's security network, as the installation of spy software on Seok's computer doesn't clearly explain how the suspects got hold of the 100-plus individual code numbers on the code card issued by Kookmin Bank.

Seok claims she never saved the codes on her computer, and obtaining the vast amount of information just through key-logging programs would be difficult to pull off in such a short period of time, according to some security experts.

Hana Bank officials deny the possibility of a network breach.

``The process of the money transfer was legitimate and we have found no traces of breach attempts on our database,'' said an official from Hana Bank.

``There were no errors in typing in the IDs and passwords and there was no reason to believe that the transaction was conducted by a hacker. If banks had a system whereby they could share information regarding suspicious IP addresses, this wouldn't have happened,'' he said.

There was a similar incident in December when a hacker, also using a China-based IP address, attempted to steal 14 million won from a Citi Bank customer. However, the customer, identified as Yoo, saved his money by alerting the bank to suspend payment from his account.

The police gave up on the investigation, citing difficulties in tracking the China-based Internet user.

Cyber crime wave targets on-line bank accounts

2009-02-14T08:07:00.002+05:30

TARGET : Cyber crime wave targets on-line bank accounts

11 February 2009

Copenhagen Post

http://www.cphpost.dk/news/crime/155-crime/44723-cyber-crime-wave-targets-on-line-bank-accounts.html

Hackers send programmes known as 'spyware' that can record the user's pin code

On-line banking is a risky business for customers who do not take appropriate security measures

Denmark is currently facing a wave of cyber attacks, but even though banks beef up their defences, they say there is little they can do when it comes to the weakest link – users themselves, reports Politiken newspaper.

The wave of attacks comes as banks report an increasing number of people using on-line services are experiencing that their accounts are being hacked and their money stolen. Last year the number of reported thefts from people's on-line accounts nearly doubled to 156. In 2007, the number was 85.

'We're as vigilant as we can be, but in reality any net bank user with a computer that isn't fully updated is at risk of being attacked,' said Birgitte Madsen of the Danish Bankers Association.

As many as 3.3 million Danes use on-line banking, and although many are aware that they should not open suspicious attachments to e-mails, new generations of computer viruses can attack without the user knowing it.

Older versions of programmes such as iTunes, Java and Acrobat can contain security holes that allow hackers to send programmes known as 'spyware' that can record the user's pin code and send it back to the hacker.

'This is a major risk, because users don't know they are susceptible,' said Peter Kruse of Csis, a computer company that works with banks to improve security. 'Banks do a lot to prevent hacking, but users need to be responsible for their own computer security.'

According to F-secure, another bank IT security provider, the latest wave of attacks stems from Russia or Ukraine. 'We shouldn't underestimate these people. They work in big foreign companies that create these programs,' channel manager Michael Dahl said.

Deputy commissioner Henning Schmidt, head of the financial crimes unit for the Copenhagen Police, said their evidence also points to the culprits originating in a Russian speaking country, but added that many hackers also use local 'mules' – a middleman who transfers the stolen money to the hacker's account.

Schmidt said preventing on-line break-ins requires users to secure their computers the same way they would their homes.

MS puts up $250K bounty for Conficker author

2009-02-14T08:07:00.001+05:30

REWARD : MS puts up $250K bounty for Conficker author

Zombie masterminds wanted undead or alive

By John Leyden

12th February 2009

http://www.theregister.co.uk/2009/02/12/conficker_reward/

Microsoft is offering a $250,000 reward for information that leads to the arrest and conviction of the virus writers behind the infamous Conficker worm.

The bounty, announced Thursday, represents a revival of Microsoft's mothballed Anti-virus Reward Program, launched in 2003 and virtually moribund since 2004.

In 2003, Redmond put up a $250,000 reward for tips leading to the arrest and conviction of the virus writers behind the infamous SoBig and Blaster worms. It extend this offer to other examples of malware, but there's only ever been one payout.

Erstwhile college friends of German VXer Sven Jaschan, who was convicted of writing the Sasser worm, picked up a $250,000 payout for their efforts.

Conficker has infected 10 million computers, going by recent estimates, so it's no great surprise to find that Microsoft has reactivated the program. Even if it doesn't lead to any arrests, the possibility of betrayal will give the authors of the worm pause for thought before they activate the monster botnet their malware has established.

In related news, Microsoft is partnering with security researchers, the Internet Corporation for Assigned Names and Numbers (ICANN), and operators within the domain name system to disable domains used by Conficker. Infected machines are programmed to dial into a constantly varying pre-programmed range of servers every day in order to obtain instructions.

Seperately OpenDNS rolled out a Conficker tracking and blocking scheme earlier this week.

Quote of the day

2009-02-11T20:43:00.001+05:30

Quote of the day

It is not necessary that whilst I live I live happily; but it is necessary that so long as I live I should live honourably.

Immanuel Kant

(1724-1804)

German philosopher

New IT Term of the day

2009-02-11T20:42:00.002+05:30

New IT Term of the day

Vein ID System

A type of biometrics identification system that uses veins in a person's body to establish identity. Vein ID Systems use infrared light to scan the user's hand and look for a pattern of veins in order to make an identification match. Both Hitachi and Fujitsu have developed commercial Vein ID Systems.

Obama Orders 60-Day Cybersecurity Review

2009-02-11T20:42:00.001+05:30

FIRST STEP : Obama Orders 60-Day Cybersecurity Review
by Andrea Shalal-Esa

Reuters

Mon Feb 9, 2009

http://www.reuters.com/articlePrint?articleId=USTRE5190B820090210

WASHINGTON (Reuters) - President Barack Obama on Monday ordered an immediate 60-day review of federal cyber security efforts and named Melissa Hathaway, a top U.S. intelligence official, to oversee the effort, according to a White House statement.

Hathaway, who served as a top cyber security adviser to Mitch McConnell, the former director of national intelligence, will conduct the review for the White House National Security and Homeland Security Councils.

The review, which will examine what the federal government already is doing to protect vital U.S. computer networks, underscores mounting concerns about the risks of cyber attacks, and points to a growing market for U.S. contractors.

Northrop Grumman Corp, Lockheed Martin Corp and Boeing Co, the Pentagon's biggest contractors, already are working on a variety of cyber security projects for the U.S. government, many of which are classified.

Industry executives say the sector will be one of their fastest-growing markets in coming years, and analysts say it could generate over $10 billion in contracts by 2013.

Hathaway, who had been coordinating cyber security efforts for the intelligence community, will serve as acting senior director for cyber space during the review period, according to the White House statement, which was released late on Monday.

Obama highlighted the importance of safeguarding the nation's vital computer networks against enemy attacks during his campaign, and has promised to appoint a national cyber adviser to coordinate federal agency efforts and develop a national cyber policy.

Just before he left office last month, McConnell told reporters that the Internet had introduced an unprecedented level of vulnerability. "If you get in our systems and you're trying to destroy banking records or electric power distribution or transportation, it could have a debilitating effect on the country," he said.

The Senate last month confirmed Adm. Dennis Blair to be the new director of national intelligence, replacing McConnell.

Immediately upon taking office, the Obama administration underscored the importance of protecting U.S. information networks in a posting on the White House website.

It pledged to work with industry, researchers, and citizens to "build a trustworthy and accountable cyber infrastructure that is resilient, protects America's competitive advantage, and advances our national and homeland security."

The White House also said it would initiate a drive to develop next-generation secure computers and networking for national security applications; establish tough new standards for cyber security and physical resilience; battle corporate cyber espionage and target criminal activity on the Internet.

Computer Virus Shuts Down Houston Municipal Courts

2009-02-11T20:41:00.000+05:30

INFECTION : Computer Virus Shuts Down Houston Municipal Courts

By Bradley Olson, Melissa Vargas And Dale Lezon

HOUSTON CHRONICLE

Feb. 7, 2009

http://www.chron.com/disp/story.mpl/front/6250411.html

Houston shut down part of its municipal court operations Friday, cancelling hearings and suspending arrests for minor offenses after a computer virus infected hundreds of its machines. City officials said they expected the problems to extend at least through Monday.

Court offices will remain open to allow people to pay tickets and fines, but the dockets will have to be reset, a move that will affect thousands of cases, city officials said.

It was unclear Friday how the virus got into the system, but officials promised a thorough investigation. They could not say when they hoped to have the virus removed from the city network.

The disruption cascaded through city departments, leading police to temporarily abandon making some arrests for minor offenses. Officials also briefly disconnected the Houston Emergency Center. Although some emergency communications, such as dispatching, are routed through the center, police experienced no major disruptions, officials said.

By Friday afternoon, officials said the virus appeared to be contained to 475 of the city’s more than 16,000 computers. But the problems it caused grew so severe that city officials made an emergency purchase order for up to $25,000 to bring in Gray Hat Research, a technology security company that began trying to eradicate it through the early morning hours Friday.

“We’re working as hard as we can on it,” said Richard Lewis, the city’s information technology director. “This is a complex matter. We’re not sure what virus has attacked us. It’s going to probably be days.”

The compromise of the city networks dealt another blow to the municipal court computer system, which has been beset by problems almost as soon as it went live in April 2006.

The $10 million effort by Maximus Inc. to bring the court’s activities online was immediately troublesome to judges, clerks and prosecutors and delayed court proceedings in 2006. After threatening litigation, the city reached a $5 million settlement with Maximus and may seek another vendor.

Janis Benton, the city’s deputy director of information technology, said officials suspected the infection was a form of Conficker, the latest super virus that has breached at least 10 million computers worldwide as of late January, including the government health department in New Zealand and defense systems in France.

Conficker, also known as Downadup, infects computers via a flaw in the Microsoft Windows operating system. Microsoft issued an emergency patch back in October, and PCs that have the patch are protected from the worm.

Once on a computer, Conficker disables some of its capabilities, connects to outside servers and can download other malicious programs. It may also gather personal information and upload it to remote servers.

Because individuals and larger operations are often slow to patch their systems, Conficker has spread quickly.

Lewis said the patch almost certainly would have been installed because of protocols in place, but said he is not sure the problem is Conficker.

Hold on minor arrests

Lewis said city officials began to notice some of the effects of the virus on Wednesday and began a full-fledged effort to quarantine it on Thursday. It had the effect of severely slowing down the operations of computers, he said.

The Houston Emergency Center disconnected from the city network at 11 a.m. Friday and reconnected around 4:30 p.m., officials said. The only impact on emergency operations was that some dispatching had to be communicated by radio rather than broadcast to computer screens inside police cars. Officers had no trouble making routine license or criminal records checks in their vehicles, police and city officials said.

However, police this weekend will be using only citations for class C misdemeanors instead of arrests, since they cannot be processed. Exceptions will include public intoxication, disorderly conduct and some assaults. Class B misdemeanors and above are processed through the county jail. For the most part, officials said, the temporary hold on arrests was expected to impact only minor traffic warrants.

Mayoral spokesman Patrick Trahan said people in jail would be able to make bail, but several bondsmen contacted by the Houston Chronicle were under the impression that no one could be released until Tuesday.

Appearances postponed

A courts employee greeted people in front of the payment windows at the municipal court building at 1400 Lubbock. She turned many people away for their 4 p.m. court appearances. Some were frustrated by the inconvenience, and others were happy to put it off.

The municipal court’s assistant director, Bonita Tolbert, said the only operations being rescheduled were court appearances for 3,000 people Friday. Many who walked into the municipal court Friday afternoon were turned away for other reasons.

Christian Navarrette, an art teacher, left his job early to get down to the courthouse to pay a speeding ticket. He said he was turned away when he tried to pay the ticket, which is due by Monday.

“They told me if I pay it now, it may not post by Monday because of the computer problem,” he said. “They told that I could face more fines if I pay it today, or I can just come back to pay it Monday. I guess I’ll have to leave work early Monday, too.”

Also see -

http://www.myfoxhouston.com/dpp/news/090208_city_courts_remain_closed_monday

http://www.khou.com/news/local/stories/khou090206_mh_court_system_down.2580b43d.html

KASPERSKY HACKED : Database Exposed For Days

2009-02-11T20:40:00.000+05:30

KASPERSKY HACKED : Database Exposed For Days

Security Co. mum on Jedi mind trick

By Dan Goodin in San Francisco

9th February 2009

http://www.theregister.co.uk/2009/02/09/kaspersky_compromise_follow_up/

Some 24 hours after a hacker claimed to hack a Kaspersky website and access a database containing proprietary customer information, the security provider issued a terse statement confirming it had experienced a security issue.

"On Saturday, February 7, 2009, a vulnerability was detected on a subsection of the usa.kaspersky.com domain when a hacker attempted an attack on the site," read the statement, which was released Sunday afternoon.

"The site was only vulnerable for a very brief period, and upon detection of the vulnerability we immediately took action to roll back the subsection of the site and the vulnerability was eliminated within 30 minutes of detection. The vulnerability wasn't critical and no data was compromised from the site."

That tells part of the story, but here's the part Kaspersky leaves out. According to an admin named Tocsixu at the site that exposed the breach, the hacker who originally discovered the vulnerability did so days earlier and only went public after getting no response from more discreet communiques with Kaspersky employees.

"I have sent emails to info@kaspersky.com, forum@kaspersky.com, and webmaster@kaspersky.com warning Kasperky [sic] about the problem but I didn't get any response," Unu, the hacker, said in an email. "After some time, still having no response from Kaspersky, I have published the article on hackersblog.org regarding the vulnerability."

Tocsixu also took issue with the characterization that the data wasn't actually compromised or that it wasn't critical.

"This vulnerability could have been critical if it were to be exploited by someone bad intended because several sensitive informations could have been extracted, like usernames, emails, passwords, codes, mysql users & passwords, etc.," Tocsixu told El Reg.

"Indeed, no data was compromised from the site because that is not Unu's (our) intention. No sensitive information from the site was stored, legit Kaspersky users can rest assured."

Kaspersky has repeatedly declined to provide details about the breach, including how long its website was vulnerable or exactly when it closed the vulnerability. It didn't respond to email requesting comment on Tocsixu's claims.

SQL injections are like Jedi mind tricks. With the wave of a hand and a discreetly placed suggestion - in this case SQL database commands buried deep inside a long URL - hackers are able to turn weak-minded websites against themselves. Often, the compromise is fairly innocuous and comes in the form of a simple site defacement. Not so with the SQL injection that visited Kaspersky.

It allowed any Jedi knight who knew the secret passphrase to trick the website into dumping entire tables in its database.

"This was a typical UNION injection attack that enables SELECT statements to be poisoned with information from foreign tables," according to one Reg reader account that was confirmed by Tocsixu.

The reader, who was able to duplicate the attack Unu laid out, continued:

"Once you find the number of columns in the initial SELECT statement (using ORDER BY injection attacks) you can basically get access to the information_schema database, find out table and column names and then you're home free. Big whoopsie for Kaspersky. This was active the entire day yesterday [Saturday]."

No doubt, it's been a tough week for Kaspersky, and it sure didn't help that many of the company's employees happened to be in Puerto Rico this weekend for a partner conference. But Kaspersky does itself no favors by being so stingy with details of this attack. And as is now clear, hackers bearing proof of the pwnage are more than willing to do the talking.

Also see-

http://www.theregister.co.uk/2009/02/08/kaspersky_compromise_report/

http://hackersblog.org/2009/02/07/usakasperskycom-hacked-full-database-acces-sql-injection/

No Blogging, Social Networking For Indian Diplomats

2009-02-11T20:39:00.001+05:30

OVERDUE : No Blogging, Social Networking For Indian Diplomats

Devirupa Mitra,

Indo-Asian News Service

February 08, 2009

08/02/2009

http://www.hindustantimes.com/StoryPage/Print.aspx?Id=77ddb9db-2e2f-4666-b4f9-02ebeaf2254c#

Indian diplomats now cannot open a Facebook account, use external e-mail services, or write blogs, thanks to new rules and much stricter firewalls aimed at preventing cyber attacks and leakage of classified information.

Over the past eight months, the Ministry of External Affairs has been overhauling its computer network security, putting up layers of barriers against intrusions into the network, officials associated with cyber security said.

There are almost 600 computers at its headquarters at South Block, about half of which are connected to the Internet. Classified work is typically done on stand-alone computers, usually with the external drives removed.

"We have set up a unified threat management system for the ministry. This simultaneously uses eight levels of protection like firewalls and spam mail filtering," said a senior official.

"We are also requesting and encouraging more responsible behaviour from our staff when working online," the official told IANS, requesting anonymity.

A circular issued last week asked officials not to log on to social networking sites, specifically citing Facebook, Orkut and Ibibo as examples. The other prohibited practices include download of peer-to-peer music using sites like Kazaa and sharing of photos through Flickr and Picasa.

The circular also discourages using services like G-mail, Yahoo! or Hotmail for official communication. A similar circular, officials said, had been issued in the Prime Minister's Office in December.

But the matter is even more critical for the foreign office as officials posted in Indian missions abroad or on foreign tours tend to use web-based mail rather than the ministry's own mail system.

"We have had cases of senior officers using G-mail or other similar accounts abroad for official work, only to find some form of tampering when they return," the official said, adding people have been told to change their web-mail passwords if they had opened the account during foreign tours.

The missions have been told to use their official mail ID issued by the National Informatics Centre for communication. But several missions have complained that the mail home page was inaccessible due to port blocks by local Internet service providers.

They have been asked to contact their service providers to unblock the site.

"We want to secure communications with Indian missions through private networks. This may be implemented in the next few months," said an official working with the technical team in the ministry.

Apart from their offices within the country, cyber security officials are also fortifying Indian embassies abroad with the first such team visiting the Indian embassy in Beijing late last year.

In 2008, nearly 100 Internet addresses were blocked, several of them at Chengdu in China, after these were found to be the source of a swarm of attacks on the network.

"An attack could be just a simple mail, which activates a programme to leak data from that computer to another address on the net," the ministry official said, adding new intrusions were more geographically dispersed.

"We had some intrusions which were traced to Houston, but we know that Chinese hackers were behind it," the official said. "It's a daily defensive war that we are engaged in."

Not all online behaviour guidelines are the result of potential security threats - some are merely to caution officials. Like late last year, some officials got a circular advising them to stop writing blogs.

The order came after a Saudi Arabia-based official's personal website created a controversy for carrying an advertisement on writer Salman Rushdie, which was posted automatically as the site was hosted on a free server.

"Now we have mailing communities to keep in touch with each other - no blogs."

Quote of the day

2009-02-09T20:42:00.001+05:30

Quote of the day

Good governance is not just about having systems. Good governance is all about following those systems as well.

Nick Massey,

Ex-CEO of GlaxoSmithkline Consumer Healthcare

New IT Term of the day

2009-02-09T20:41:00.002+05:30

New IT Term of the day

User Name

A name used to gain access to a computer system. Usernames, and often passwords, are required in multi-user systems. In most such systems, users can choose their own usernames and passwords.

Usernames are also required to access some bulletin board and online services.

Parking tickets lead to malware

2009-02-09T20:41:00.001+05:30

TECHNIQUE : Parking tickets lead to malware

5 February 2009

http://www.heise-online.co.uk/security/Parking-tickets-lead-to-malware--/news/112568

ISC.Sans.org have reported on a novel new way of distributing malware – parking tickets. The scam involved the distribution of fake parking tickets placed on car windscreens, which claimed the vehicles owner had violated parking regulations and directed victims to a website for more details on what they had done wrong.

On that website were pictures of some cars and a link to download a "Picture search toolbar" to locate the victims car. It was this link that downloaded the malware, which would ask to install a browser helper object (BHO). This would then attempt to trick the user into installing a fake anti-virus scanner. The scam seems to have operated only in Grand Forks, North Dakota, but is simple enough that it is expected to be copied around the world.

Cisco wireless flaws pose DoS risk

2009-02-09T20:40:00.002+05:30

RISK : Cisco wireless flaws pose DoS risk

Wi-Fi kit found wanting

By John Leyden

6th February 2009

http://www.theregister.co.uk/2009/02/06/cisco_wireless_update/

Cisco is urging admins to update their wireless LAN hardware following the discovery of multiple vulnerabilities in its enterprise Wi-Fi kit.

Security flaws in Cisco Wireless LAN Controllers, Cisco Catalyst 6500 Wireless Services Modules (WiSMs), and Cisco Catalyst 3750 Integrated Wireless LAN Controllers create a mechanism for hackers to knock over vulnerable hardware.

All Cisco Wireless LAN Controllers running version 4.2 of the network giant's software are affected by a pair of denial of service flaws. A third DoS flaw affects software versions 4.1 and later.

The denial of service bugs include a flaw in the handling of Web authentication, which can cause an affected device to reload, and a separate flaw (that also affects version 4.1 of the software) that means vulnerable kit can freeze up on receipt of malformed data packets.

The same set of potential problems affects Cisco Catalyst 6500 Series/7600 Series Wireless Services Module and Cisco Catalyst 3750 Series Integrated Wireless LAN Controllers but not the equivalent wireless modules on Cisco 2800 and 3800 series Integrated Services Routers. Cisco 2000 and 2100 Series Wireless LAN Controllers are also unaffected by the vulnerability.

The denial of service problem is not the only issue to consider. Version 4.2.173.0 of Cisco's Wireless LAN controller software is affected by a privilege escalation vulnerability. The security bug creates a means for an ordinary user to gain full administrative rights.

"Successful exploitation of the denial of service vulnerabilities may cause the affected device to hang or reload," a security advisory from Cisco explains. "Repeated exploitation could result in a sustained DoS condition. The privilege escalation vulnerability may allow an authenticated user to obtain full administrative rights on the affected system."

Cisco said it discovered the flaws via customer support cases and internal testing. There is no evidence to suggest that the flaws have been used by hackers. However, especially in the absence of a suitable workaround, patching affected systems sooner rather than later makes sense.

CISCO Advisory -

http://www.cisco.com/warp/public/707/cisco-sa-20090204-wlc.shtml

Teen accused of sex assaults in Facebook scam

2009-02-09T20:40:00.001+05:30

ACCUSED : Teen accused of sex assaults in Facebook scam

By Carrie Antlfinger

Associated Press

Feb 5, 2009

http://news.yahoo.com/s/ap/20090205/ap_on_re_us/facebook_sex;_ylt=Aphl5WbsNbzuWmDYmSKtt2sDW7oF

MILWAUKEE – An 18-year-old male student is accused of posing as a girl on Facebook, tricking at least 31 male classmates into sending him naked photos of themselves and then blackmailing some for sex acts.

"The kind of manipulation that occurred here is really sinister in my estimation," Waukesha County District Attorney Brad Schimel said Wednesday.

The students go to New Berlin Eisenhower High School in New Berlin, which is in Waukesha County about 15 miles west of Milwaukee.

Anthony Stancl, of New Berlin, was charged Wednesday with five counts of child enticement, two counts of second-degree sexual assault of a child, two counts of third-degree sexual assault, possession of child pornography, repeated sexual assault of the same child, and making a bomb threat.

Stancl's attorney, Craig Kuhary, said Stancl plans to plead not guilty to the charges and hopes to reach a plea agreement with the district attorney

"It's too early in the case for me to make a statement, other than the fact at some point we are going to go into events that had taken place earlier that might have had some impact on what he did here," he said. He wouldn't go into specifics.

The incidents allegedly happened from spring 2007 through November, when officers questioned Stancl about a bomb threat he allegedly sent to teachers and wrote about on a school's bathroom wall. It resulted in the closing of New Berlin Eisenhower Middle and High School.

According to the criminal complaint, Stancl first contacted the students through the social networking site Facebook, pretending to be a girl named Kayla or Emily.

The boys reported that they were tricked into sending nude photos or videos of themselves, the complaint said.

Thirty-one victims were identified and interviewed and more than half said the girl with whom they thought they were communicating tried to get them to meet with a male friend to let him perform sex acts on them.

They were told that if they didn't, she would send the nude photos or movies to their friends and post them on the Internet, according to the complaint. Stancl allegedly used the excuse to get the victims to perform repeated acts, the complaint said.

Seven boys were identified in the complaint by their initials as either having to allegedly perform sex acts on Stancl or Stancl on them. The complaint said Stancl took photos with his cell phone of the encounters.

Officers found about 300 nude images of juvenile males on his computer, according to the complaint. Prosecutors said the victims were as young as 15.

A preliminary hearing for Stancl has been scheduled for Feb. 26. The maximum penalty if convicted on all charges is nearly 300 years in prison.

French fighter planes grounded by computer virus

2009-02-09T20:39:00.001+05:30

GROUNDED : French fighter planes grounded by computer virus

by Kim Willsher

telegraph.co.uk

07 Feb 2009

http://www.telegraph.co.uk/news/worldnews/europe/france/4547649/French-fighter-planes-grounded-by-computer-virus.html

French fighter planes were unable to take off after military computers were infected by a computer virus, an intelligence magazine claims.

French fighter planes grounded by computer virus

The aircraft were unable to download their flight plans after databases were infected by a Microsoft virus they had already been warned about several months beforehand.

At one point French naval staff were also instructed not to even open their computers.

Microsoft had warned that the "Conficker" virus, transmitted through Windows, was attacking computer systems in October last year, but according to reports the French military ignored the warning and failed to install the necessary security measures.

The French newspaper Ouest France said the virus had hit the internal computer network at the French Navy.

Jérome Erulin, French navy spokesman told the paper: "It affected exchanges of information but no information was lost. It was a security problem we had already simulated. We cut the communication links that could have transmitted the virus and 99 per cent of the network is safe."

However, the French navy admitted that during the time it took to eradicate the virus, it had to return to more traditional forms of communication: telephone, fax and post.

Naval officials said the "infection"' was probably due more to negligence than a deliberate attempt to compromise French national security. It said it suspected someone at the navy had used an infected USB key.

The Sicmar Network, on which the most sensitive documents and communications are transmitted was not touched, it said. "The computer virus problem had no effect on the availability of our forces." The virus attacked the non-secured internal French navy network called Intramar and was detected on 21 January. The whole network was affected and military staff were instructed not to start their computers.

According to Liberation newspaper, two days later the chiefs of staff decided to isolate Intramar from the military's other computer systems, but certain computers at the Villacoublay air base and in the 8th Transmissions Regiment were infected. Liberation reported that on the 15 and 16 January the Navy's Rafale aircraft were "nailed to the ground" because they were unable to "download their flight plans". The aircraft were eventually activated by "another system".

Liberation also reported that Microsoft had identified the Conficker virus in the autumn of 2008 and had advised users from October last year to update their security patches. IntelligenceOnline reports that "at the heart of the (French) military, the modifications were, for the most part, not done." It was only on the 16 January "three months later" that the navy chiefs of staffs began to act.

"At that point, the chiefs of staff and the defence ministry had no idea how many computers or military information systems were vulnerable to having been contaminated by the virus," said Liberation.

The French press also reported that the only consolation for the French Navy was that it was not the only ones to have fallen victim to the virus. It said that a report in the military review Defense Tech revealed that in the first days of January 2009 the British Defence Ministry had been attacked by a hybrid of the virus that had substantially and seriously infected the computer systems of more than 24 RAF bases and 75 per cent of the Royal Navy fleet including the aircraft carrier Ark Royal.

Quote of the day

2009-02-06T21:15:00.002+05:30

Quote of the day

All progress has resulted from people who took unpopular positions.

Adlai E. Stevenson

New IT Term of the day

2009-02-06T21:15:00.001+05:30

New IT Term of the day

User Account Control (UAC)

Abbreviated as UAC. In Windows Vista, User Account Control is a feature that was designed to prevent unauthorized changes to your computer. When functions that could potentially affect your computer's operation are made, UAC will prompt for permission or an administrator's password before continuing with the task. There are four different alert messages associated with User Account Control:

* Windows needs your permission to continue

* A program needs your permission to continue

* An unidentified program wants access to your computer

* This program has been blocked

Market Down Crimes Up

2009-02-06T21:14:00.001+05:30

RELATIONSHIP : Market Down Crimes Up

Data scams have kicked into high gear as markets tumble

By Byron Acohido and Jon Swartz,

USA TODAY

02 Feb 2009

http://www.usatoday.com/tech/news/computersecurity/2009-01-28-hackers-data-scams_N.htm

Cybercriminals have launched a massive new wave of Internet-based schemes to steal personal data and carry out financial scams in an effort to take advantage of the fear and confusion created by tumbling financial markets, security specialists say.

The schemes — often involving online promotions touting fake computer virus protection, get-rich scams and funny or lurid videos — already were rising last fall when financial markets took a dive. With consumers around the world panicking, the number of scams on the Web soared.

The number of malicious programs circulating on the Internet tripled to more than 31,000 a day in mid-September, coinciding with the sudden collapse of the U.S. financial sector, according to Panda Security, an Internet security firm.

It wasn't a coincidence, says Ryan Sherstobitoff, chief corporate evangelist at Panda.

"The criminal economy is closely interrelated with our own economy," he says. "Criminal organizations closely watch market performance and adapt as needed to ensure maximum profit."

Among those caught in the most recent barrage of scams was Justin Terrazas, 27, a beverage merchandiser from Seattle. He clicked on a Web link that infected his MacBook Pro laptop with a data-stealing program. Not realizing the laptop was compromised, Terrazas later typed his Bank of America debit card number and PIN to pay his Verizon cellphone bill online. The data-stealer swiftly siphoned his information.

A few days later, someone used Terrazas' debit card account to make a $501.41 online purchase from Modabrand.com, a designer clothing store. The merchandise was shipped to London, leaving Terrazas to unravel a big mess.

"This is definitely something you don't need in your life," he says.

The boom in cyberthreats that occurred during the last three months of 2008 could accelerate, especially if the economy continues to falter, security specialists say. Organized cybercrime groups have become increasingly efficient at assembling massive networks of infected computers, called botnets, and deploying them to amass large caches of stolen data, according to several surveys and dozens of interviews with security and privacy analysts. Meanwhile, scammers have honed the trickery used to turn stolen data into cash.

"There is a well-funded, well-educated horde continually probing for cracks and finding their way in" to consumers' financial information, says Roger Thornton, chief technology officer of security firm Fortify Software.

"They are breaching … the highest levels of the global finance infrastructure and a majority of our home computers."

Last fall, virulent programs called Trojans began to circulate more widely in e-mail and instant-message spam, got embedded in tens of thousands popular Web pages and spread in a widening barrage of online ads. Click on the wrong thing, and you would download an invisible Trojan crafted to steal sensitive data and allow the attacker to control your computer.

All types of con games — from e-mail phishing scams, which try to trick you into typing sensitive data at fake websites, to cyberhijacking, in which crooks use stolen user names and passwords to pilfer online accounts — increased, according to security firms, government regulators and law enforcement officials.

Targeting data storehouses

Hackers also are intensifying attacks on data storehouses.

Last week, Heartland Payment Systems disclosed that intruders cracked into the system it uses to process 100 million payment card transactions a month.

And Tuesday, Monster.com announced it would impose a mandatory password change for all North American and Western European users of its popular employment website. Thieves recently broke into Monster's databases to steal user IDs, passwords and other data that could be useful in a variety of scams.

"There are limitless opportunities in data of this quality," says Robert Sandilands, anti-virus director at the security firm Authentium.

To cybergangs, the implosion of the financial markets and widespread job cuts have translated into more opportunities.

Not long after banking giant Wachovia failed, phishing e-mail began circulating asking current and former customers to type in personal information to a website to complete mandatory installation of a new Internet security certificate. The website was a counterfeit, and some users who fell for the scam had their computers infected with the Gozi Trojan, which funnels stolen data to a computer server equipped to instantly sell the data to other criminals, according to the security firm SecureWorks.

Some thieves have stuck to the path of least resistance, snaring account user names, passwords and Social Security numbers. Cybercrime groups have gone further, sending tainted links in e-mail and instant messages, and spreading viruses via the direct messaging systems used on the social-networking websites Facebook, MySpace and Twitter.

Facebook encourages users to report any suspicious messages, but there's only so much it — and the other networking sites — can do to stop cybercriminals.

"We'll investigate and take appropriate action, which may include disabling the sender's account and blocking certain links from being posted," says Facebook spokesman Barry Schnitt.

But cybergangs now routinely activate hundreds of accounts by the minute, dedicating them to criminal pursuits.

Tainted links also are increasingly turning up in routine search queries on Google, Yahoo search and Windows Live search. The search companies also say they can do little to stem the rising tide of cybercrime. Google spokesman Jay Nancarrow says only that the search giant has "strict policies" against fraudulent practices, which it takes pains to enforce.

The FBI and Secret Service have created partnerships with police agencies around the world to combat cybercrimes. U.S. agents have been able to infiltrate several organized crime groups to make dozens of arrests, says Shawn Henry, assistant director of the FBI Cyber Division. Even so, "The offense tends to outpace the defense," Henry says. "The cyberthieves are extremely creative."

The threat from insiders

Some cybercriminals have begun to spread malicious programs by corrupting online banner ads. Security firm Finjan reports that new tools being sold on criminal forums can be used to infect online ads that use Adobe's popular Flash player.

The wide availability of such tools — and the fact that thousands of tech-savvy workers are being laid off in today's economy — is raising concerns that some of the jobless might see cybercrime as a way to survive.

"Unemployed IT personnel potentially can find easy income by purchasing and using crimeware," says Finjan CTO Yuval Ben-Itzhak. "We expect a rising number of people will try."

Some novice cybercrooks won't need anything fancier than a Web browser to get rolling. M. Eric Johnson, director of the Center for Digital Strategies at the Tuck School of Business at Dartmouth College, recently tried typing simple search queries, such as "insurance record," in Google and on file-sharing networks Gnutella and LimeWire.

He collected 3,328 files with potentially sensitive medical information; about 5% held data that could be used to fraudulently buy drugs or bill treatments. Data thieves are using such simple steps, too, he says.

Data-stealing gangs could begin reaching out to laid-off or disgruntled employees who know their employers' tech systems, security experts warn. Database security firm Application Security's recent audits of 179 organizations found 56% had suffered at least one data breach in the past 12 months. The survey does not reveal how any particular breach happened.

"It's a three-legged beast," says Pat Clawson, CEO of Lumension Security. "There is an absolute crunch in IT spending, there are more profit-minded hackers, and employees with access to valuable data" are willing to sell access to criminals.

About 75% of the 1,400 tech operations and information management professionals recently surveyed by Lumension and Ponemon Institute said cybercrime remains a major concern, despite efforts to thwart hackers.

"In the next year or two, these challenges will increase in both breadth and depth of threats," says Larry Ponemon, chairman of Ponemon Institute.

'It's so easy'

In a recent episode that reflected the complexity of leading-edge attacks, three different thieves collaborated to steal $99,000 from a credit union, says Tom Miltonberger, CEO of security firm Guardian Analytics.

The first thief pilfered a credit union member's online account user ID and password, and gave it to a second thief. That person then logged on several times to see images of cleared checks and to monitor the balance available on a pre-approved home equity line of credit, says Miltonberger, who investigated the case.

That information went to a third thief, who drew up a forged fax request with instructions to transfer funds from the home equity line of credit into the checking account, and then to wire those funds to another account. Because the forged signature was so good, the credit union carried out the transfer.

No one has been arrested in the case.

In another recent attack, someone acquired the user name and password for a system administrator at CheckFree.com, the nation's largest e-bill payment system. Using those log-in credentials, an intruder gained access to CheckFree's domain name service account — an account that permits the administrator to redirect traffic trying to access CheckFree's home page to other legitimate company pages.

For several hours, the intruder redirected anyone typing www.mycheckfree.com to a Web server in the Ukraine that tried to install a password-stealing Trojan. Although as many as 160,000 customers may have been affected, none had any of his or her data stolen, says Lori Stafford-Thomas, a spokeswoman for Fiserv, the parent company of CheckFree. "CheckFree sites are all up and running properly and securely," she says.

But the attempt was a sign of things to come, says Amit Klein, CTO of security firm Trusteer.

"The moral of this attack is that it's so easy to take over your (website)," Klein says. "I just need to get ahold of your user name and password once. And we all know how easy it is to get your credentials."

Beverage merchandiser Terrazas knows all too well the downside of having one's sensitive data stolen. He says Bank of America covered the illicit charge to his debit card and gave him a new card account number. But he had to alter several other financial accounts to reflect the change, and he no longer trusts using his debit card to pay bills or make purchases online.

"It's a bummer that somebody took my information," he says. "But if I don't want this to happen again, this is what I have to do."

Data Loss Costing Companies $6.6 Million Per Breach

2009-02-06T21:13:00.002+05:30

COST : Data Loss Costing Companies $6.6 Million Per Breach

Customers, it seems, lose faith in organizations that can't keep data safe and take their business elsewhere, a Ponemon Institute survey found.

By Thomas Claburn

InformationWeek

February 3, 2009

http://www.informationweek.com/news/security/attacks/showArticle.jhtml?articleID=213000512&cid=nl_tw_security_H

The total average cost of a data breach last year reached $202 per record, a 2.5% increase since 2007, a study published Monday revealed.

The study was conducted by the Ponemon Institute, a privacy and data-protection research group, and PGP, a data-encryption vendor. It was based on the costs incurred by 43 organizations following actual data breaches.

According to the report, the total average cost per company surveyed was more than $6.6 million per breach, up from $6.3 million in 2007 and $4.7 million in 2006. The highest reported total cost among the 43 respondent organizations was $32 million.

Of the average $202 per record cost, $139 was attributable to lost businesses as a result of the breach. As a percentage of the total cost per record, that represents 69%, which is up from 67% in 2007 and 54% in 2006. Customers, it seems, lose faith in organizations that can't keep data safe and take their business elsewhere.

"This finding reinforces the message delivered by leading enterprise IT managers and industry analysts that organizations must focus on proactively protecting their data instead of relying exclusively on written policies, procedures, and training," the report says.

Of particular note for many organizations will be the finding that third-party data breaches have become more common and that they cost more than internal breaches. Breaches that originated with outsourcing companies, contractors, consultants, and business partners accounted for 44% of the breach total, up from 40% in 2007. Third-party breaches cost an average of $231 per record, compared with $179 for breaches originating from within the organization that owns the data.

At the same time, it's insider negligence that's the biggest cause of breaches. According to the study, more than 88% of the breaches studied in 2008 arose from an insider's mistakes. At least such breaches tend to be less expensive, at $199 per record, than breaches arising from malicious acts, at $225 per record.

In terms of preventive measures, the top three employed by respondents were training programs, additional manual procedures or controls, and the expanded use of encryption. PGP, as it happens, sells encryption products and services to businesses.

Long viewed as more trouble than it was worth, encryption may finally have become a necessity. Heartland Payment Systems, which in mid-January disclosed a potentially massive data breach that could affect more than 100 million accounts, said just last week that it was accelerating its effort to deploy end-to-end encryption to protect its transaction data. Better late than never, but pre-breach deployment would have been better still.

Data-loss prevention products can protect your intellectual property from internal mishandling. InformationWeek has published an independent review of some of the leading products.

Two-thirds of UK's top IT security jobs unfilled

2009-02-06T21:13:00.001+05:30

GAP : Two-thirds of UK's top IT security jobs unfilled

It's all about the skills

by Nick Heath

3 February 2009

http://www.silicon.com/research/specialreports/future-proofing/two-thirds-of-uks-top-it-security-jobs-unfilled-39383815.htm

An IT skills shortage has been blamed for two-thirds of the top computer security jobs available in the UK remaining unfilled.

Of the 14 chief security officer positions that have become vacant in the UK over the past four months, only about one-third had been taken up, according to chairman of the Institute of Information Security Professionals (IISP) Paul Dorey.

The IISP - the IT security industry members' association - runs a scheme checking skills among security professionals in the private sector and from April will also take over responsibility for accrediting expertise among security specialists and contractors working in Whitehall.

Dorey said the difficulty in filling the 14 posts in both the public and private sector is due to the size of the talent pool.

"The reason it is taking so long to fill those 14 jobs is that the employers are all fishing for the same people," Dorey told silicon.com.

"The genuine issue is that there is a shortage of appropriate security professionals and we need more processes to provide proper accreditation in the field to give them the training and monitoring they need.

"It is about skilling people up more and more, so they are able to do the higher end jobs, and increasing the size of the talent pool."

This year the IISP expects that the number of computer security specialists to achieve its highest level of security accreditation will reach 500.

Sharon Wiltshire is chairman of the Infosec Training Paths & Competencies (ITPC) scheme at the Central Sponsor for Information Assurance, a unit within the Cabinet Office.

The ITPC is the government's in-house training scheme for information security professionals working for Whitehall, the accreditation portion of which will transfer to IISP in April.

Wiltshire told silicon.com that as more people passed through the accreditation scheme, it would help better meet the UK's demand for skilled computer security staff.

"Having a qualification that goes beyond the basic level is going to be a help [for organisations] and will also help promote a better career path for individuals," she said.

Under the IISP, Whitehall security staff will be able to pit their skills against a more rigorous testing regime than before, including an interview with their peers to test their IT security expertise.

Wiltshire said the accreditation process will remain voluntary for most Whitehall security staff but added that some departments already demand ITPC accreditation, including some parts of the Ministry of Defence and The National Technical Authority for Information Assurance.

Cybersecurity vendors own network caught virus

2009-02-06T21:12:00.001+05:30

HIT WICKET : Cybersecurity vendors own network caught virus

When this server's a-rockin'...

By Dan Goodin in San Francisco

4th February 2009

http://www.theregister.co.uk/2009/02/04/sra_virus_infection/

SRA International, a government contractor that provides cybersecurity and privacy services, has warned its employees their personal information may have been stolen after hackers planted a virus on its computer network.

The malware was installed on the same network that stored employees' personal data including names, addresses, dates of birth, health information and social security numbers, according to a letter filed with Maryland's Office of Attorney General. Information might also include personal employee details included in security position questionnaires.

Company investigators don't know whether the information has been intercepted but decided it was appropriate to warn employees of the possibility, the letter said. The firm has offered the services of a credit monitoring company to mitigate the chances of identity theft. The breach was reported earlier by IDG News.

The letter didn't say how the virus made its way into a presumably secure network.

"We have shared our findings with our anti-virus vendor and they have updated their virus definitions to detect the virus files we identified," the letter stated. "While we have no specific information, we believe that the security issue may affect more than just SRA."

The letter went on to admonish employees that news of the breach "is company proprietary and should not be discussed externally."

SRA had close to 6,500 employees as of June 30, according to the company's annual shareholder report. The same document went on to praise its computer security savvy.