International Telecommunication Union   ITU
 
 
 Tuesday, November 09, 2010

Identity theft and misuse of data is of top concern to people around the world as well as in the United States. That's a challenge for our society, our political leadership and the IT industry. It's also a challenge to our customers. End users are sensitive to security technology and security safeguards used for Internet banking and online transactions. Our belief is that it's best to let people see that you have good security rather than making it invisible to people. It's the equivalent of showing people the vault in the back room in your great grandmother's generation.

What people want to see now is that their Internet banking and identity data is safe. We've seen this more than we did three or four years ago. Our customers want two-factor identification not to be invisible. If you log onto your bank through a kiosk device it acknowledges that you haven't used this device before and it puts you through an extra handshake.

 

(Source: Forbes)

Tuesday, November 09, 2010 4:11:50 PM (W. Europe Standard Time, UTC+01:00)
 Friday, November 05, 2010

Facebook admitted late last week that some developers have sold user IDs (UIDs) to data brokers. The popular social-networking site said it has taken steps to prevent this in the future, including a six-month suspension of some developers. In a post Friday on the company's Developer Blog, Facebook's Mike Vernal said the company has "discovered some instances where a data broker was paying developers for UIDs." He noted that the developers were less than a dozen, mostly small developers, and that none of the apps were in the top 10 on the platform. He also noted that some sharing of UIDs happened "inadvertently" due to "an issue with the way that web browsers work." He added that no evidence was found that this "sharing" resulted in the collection of private user information. With a user ID, a user's public information, including name, can be found. The Journal found that at least one data broker, RapLeaf, had correlated the user IDs with its own database of Net users, and had shared the Facebook IDs with other firms.

This kind of data correlation can help to create a user behavioral profile. RapLeaf said the sharing wasn't intentional, and has agreed to remove all the UIDs it has. The company is no longer allowed to conduct activities on the Facebook platform.

 

(Source: News Factor Network)

Friday, November 05, 2010 5:25:49 PM (W. Europe Standard Time, UTC+01:00)
 Friday, October 29, 2010

A former IT staffer has been sentenced to a year and a day in prison for stealing sensitive information belonging to his co-workers and using the data to make money filling out online health surveys. Cam Giang, 31, was fired from the University of California San Francisco Medical Center earlier this year after investigators discovered that he'd been using the names, birthdays and Social Security numbers of other UCSF employees to fill out hundreds of online surveys.

The point was to collect online vouchers, worth US$100 each. He had worked at the medical center's IT department for five years and had access to the sensitive information through his job, according to court records. Between January and April of this year, Giang filled out 382 surveys before the company that was paying for them, StayWell, figured out what was going on. StayWell had been offering UC employees the gift vouchers as incentives to fill out health surveys, but it grew wise to the scam. The company received complaints from employees who couldn't fill out the survey. When StayWell investigated, it turned out that Giang had already filled out surveys in their names.

 

(Source: Computer World)

Friday, October 29, 2010 3:48:07 PM (W. Europe Standard Time, UTC+01:00)
 Thursday, October 28, 2010

ZDNet reported recently that a Western Australian man was the victim of a new bizarre twist of identity theft. According to the report, Roger Mildenhall was contacted by a neighbor saying he had seen one of his investment houses for sale. Mildenhall looked into it and found that it was for sale. He was also surprised to learn that he had sold another property in June. In this economy, you might jump for joy. Roger was dumbfounded since he never intended to sell these properties; this was done without his authorization.

All transactions were made via email, telephone, and fax. No human interaction. The report indicates that alleged scammers hacked into Mildenhall's email account. From there they were able to get to his personal and property documents.

 

(Source: Infosec Island)

Thursday, October 28, 2010 11:03:37 AM (W. Europe Standard Time, UTC+01:00)
 Thursday, September 09, 2010

While social media use has grown dramatically across all age groups, older users have been especially enthusiastic over the past year about embracing new networking tools. Social networking use among internet users ages 50 and older nearly doubled—from 22% in April 2009 to 42% in May 2010.

- Between April 2009 and May 2010, social networking use among internet users ages 50-64 grew by 88%--from 25% to 47%.

- During the same period, use among those ages 65 and older grew 100%--from 13% to 26%.

- By comparison, social networking use among users ages 18-29 grew by 13%—from 76% to 86%.

 

(Source: Pew Research Center)

Thursday, September 09, 2010 4:38:41 PM (W. Europe Standard Time, UTC+01:00)

The personal details of thousands of football fans who bought World Cup tickets from official FIFA outlets have been stolen and sold for up to £500,000. Investigators are now trying to establish who purchased the information, which includes the passport details and dates of birth of up to 250,000 supporters, amid concerns it could have fallen into the hands of criminal gangs or even terrorist groups. The massive data breach, which leaves fans open to identity theft and fraud, is now the subject of a criminal investigation. It has been alleged that an employee of one ticketing agency may have been offering the information for sale. The stolen database is understood to have been compiled by FIFA, football’s world governing body, in the run-up to the 2006 World Cup in Germany.

 

(Source: Daily Mail)

Thursday, September 09, 2010 4:32:48 PM (W. Europe Standard Time, UTC+01:00)
 Tuesday, May 18, 2010

Phishing may not be the most sophisticated form of cyber crime, but it can be a lucrative trade for those who decide to make it their day jobs. Indeed, data secretly collected from an international phishing operation over 18 months suggests that criminals who pursue a career in phishing can reap millions of dollars a year, even if they only manage to snag just a few victims per scam.

Phishers often set up their fraudulent sites using ready-made “phish kits” — collections of HTML, text and images that mimic the content found at major banks and e-commerce sites. Typically, phishers stitch the kits into the fabric of hacked, legitimate sites, which they then outfit with a “backdoor” that allows them to get back into the site at any time.

 

(Source: Krebs on Security)

Tuesday, May 18, 2010 4:48:16 PM (W. Europe Standard Time, UTC+01:00)
 Friday, May 07, 2010

As much heat as Facebook has taken recently for its privacy policies and the freedom with which it shares data across the Web and around the world, Facebook is still not the biggest threat to online privacy--you are. A study by Consumer Reports illustrates that users are really their own worst enemy when it comes to online privacy.

Here are some of the key findings of the Consumer Reports survey:

- A projected 1.7 million online households had experienced online identity theft in the past year.

- An estimated 5.4 million online consumers submitted personal information to e-mail (phishing) scammers during the past two years.

- Among adult social network users, 38 percent had posted their full birth date, including year. Forty-five percent of those with children had posted their children's photos. And 8% had posted their own street address.

- An estimated 5.1 million online households had experienced some type of abuse on a social network in the past year, including malware infections, scams, and harassment.

 

(Source: PC World)

Friday, May 07, 2010 1:37:28 PM (W. Europe Standard Time, UTC+01:00)
 Thursday, April 22, 2010

Patients whose medical identities are stolen face serious lingering effects. Fraudulent healthcare events can leave erroneous data in medical records. This erroneous information–like information about tests, diagnoses and procedures–can greatly affect future healthcare and insurance coverage and costs. Patients are often unaware of medical identity theft until a curious bill or a surprising line of questioning by a doctor exposes the issue. Then, the burden of proof is often with the patient and it can be difficult to get the patient’s legitimate medical records cleaned up. The consequences can also be life threatening and can lead to serious medical errors and fatalities.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk.

 

(Source: Infosec Island)

Thursday, April 22, 2010 2:01:39 PM (W. Europe Standard Time, UTC+01:00)
 Monday, February 22, 2010

There are two aspects you have to consider when negotiating security and privacy with a service provider. First, you have to have the correct principles encoded in your contract. Second, you have to worry about how well they are executed by the provider. If you read most service contracts you will see that "law enforcement assistance" sections are usually vague. It is up to you to negotiate terms that address key issues of data protection and safeguard your rights:

* Demand that law enforcement requests are properly documented. Show me the warrant. A phone call from agent Bob at headquarters is not a warrant.

* Demand that you are notified of any requests that may affect your data. You have the right to contest warrants in court and most corporations do contest them.

* Demand that each data access request, whether granted or not, is documented.

 

(Source: ComputerWorld)

Monday, February 22, 2010 6:41:57 PM (W. Europe Standard Time, UTC+01:00)
 Wednesday, January 27, 2010

The design of the future German identity card has been unveiled. Credit-card sized and made of polycarbonate, it will be issued from November 2010 on. The new card aims to ease the citizens' transactions with government and businesses and to increase security as well as to enhance public confidence in electronic services.

The front side has the image of the federal eagle, whereas the Brandenburg Gate is depicted on its reverse side. The new card contains numerous security features in order to increase protection against forgery. A special feature is that the holder's details are digitally stored. It is also capable of carrying a digital signature. Both features will allow card holders to complete commercial online transactions as well as official business with government offices.

 

(Source: eGov Monitor)

Wednesday, January 27, 2010 1:58:51 PM (W. Europe Standard Time, UTC+01:00)
 Tuesday, December 08, 2009

The government is preparing to set up a National Identity Management Center (NIMC) to distribute National Identity Cards (NIDC) across the country. Government officials said that the center will be located in Kathmandu and will distribute cards through thousands of government employees mobilized across the country.

Government officials are making preparations to set up the center on the basis of the recently submitted recommendations of a task force formed to study the need and structure of such a center. "We have recommended to the government to set up NIMC to distribute NIDCs as committed in the national budget and government policy and programs," Lilamani Paudel, Secretary at the Office of the Prime Minister and Council of Ministers (OPMCM), told myrepublica.com.

 

(Source: Republica)

Tuesday, December 08, 2009 2:25:24 PM (W. Europe Standard Time, UTC+01:00)
 Monday, November 30, 2009

Diners who frequent a popular Downtown restaurant should review their charge-card statements because hackers broke into its computer system to loot debit- and credit-card numbers, police said today.

Between 30 and 50 people have reported fraudulent charges on their accounts, and Columbus detectives said that anyone who used a charge card at Tip Top Kitchen and Cocktails in July or August is at risk. The hackers have been traced to an overseas Internet address, and no Tip Top employees are involved, police said. The hackers found a weak point in the restaurant's computer defenses, wormed their way in, and installed "malware" that stripped the numbers.

 

(Source: The Columbus Dispatch)

Monday, November 30, 2009 2:31:41 PM (W. Europe Standard Time, UTC+01:00)
 Friday, October 30, 2009

Twitter warned users Tuesday of a new phishing scam on the social networking site. It's the latest in a series of scams that have plagued the site over the past year, designed to trick victims into giving up their user names and passwords.

"We've seen a few phishing attempts today, if you've received a strange DM and it takes you to a Twitter login page, don't do it!," Twitter wrote on its Spam message page. The message reads, "hi. this you on here?" and includes a link to a fake Web site designed to look like a Twitter log-in page. After entering a user name and password, victims enter an empty blogspot page belonging to someone named NetMeg99.

 

(Source: ComputerWorld)

Friday, October 30, 2009 1:39:29 PM (W. Europe Standard Time, UTC+01:00)

Facebook outlined changes to its privacy policy on Thursday and asked for feedback from the social network's more than 300 million users. Members will have until November 5 to send in their comments about the proposed changes.

"This is the next step in our ongoing effort to run Facebook in an open and transparent way. After the comment period is over, we'll review your feedback and update you on our next steps." Some of the changes to Facebook's privacy policy are the result of pressure from Canada, whose privacy czar conducted an investigation into its handling of personal information.

 

(Source: AFP)

Friday, October 30, 2009 10:21:03 AM (W. Europe Standard Time, UTC+01:00)
 Thursday, October 29, 2009

I am advised to "avoid giving my credit card online" and to be "careful when banking online" and to use random, complex passwords that I never repeat and never write down. So, as long as I refrain from commerce, stay indoors and have a superhuman memory, I should be fine!

I worry about identity theft and take measures, throughout the year, to defend my identity. So here's some identity defense advice that's actually practical:

* Don't sign credit cards. I sign mine "See ID". Why give a card thief my signature too?

 

(Source: ComputerWorld)

Thursday, October 29, 2009 2:19:16 PM (W. Europe Standard Time, UTC+01:00)
 Wednesday, October 21, 2009

Microsoft admitted Hotmail users had been tricked into revealing their passwords, 10,000 of which had been published online.

The spam is being sent from users' accounts to contacts in their address books - so recipients will think it came from one of their friends. While the new spam is not malicious in itself, it does point the contact in the direction of something that is — a "shopping" website. The trick is, the shopping site is not a real one. The scam persuades victims to order goods online by credit card, leaving them vulnerable to identity theft and fraud.

 

(Source: Fox News)

Wednesday, October 21, 2009 10:26:38 AM (W. Europe Standard Time, UTC+01:00)

Hotmail and several other Web e-mail providers were recently hit by phishing attacks that gleaned usernames and passwords. It's terribly insecure, but the string of digits 1234567 is a popular password on Hotmail, according to security researcher Bogdan Calin, who analyzed 9,843 stolen Windows Live Hotmail passwords that were posted on a Web site.

In a blog post, Calin said the following were the most common passwords in the Hotmail collection: 123456, 123456789, alejandra, 111111, alberto, tequiero, alejandro and 12345678.

 

(Source: ComputerWorld)

Wednesday, October 21, 2009 9:39:23 AM (W. Europe Standard Time, UTC+01:00)
 Monday, October 19, 2009

Tens of millions of U.S. computers are loaded with scam security software that their owners may have paid for but which only makes the machines more vulnerable, according to a new Symantec report on cybercrime.

Cyberthieves are increasingly planting fake security alerts that pop up when computer users access a legitimate website. The "alert" warns them of a virus and offers security software, sometimes for free and sometimes for a fee. "Lots of times, in fact they're a conduit for attackers to take over your machine. They'll take your credit card information, any personal information you've entered there and they've got your machine,"

 

(Source: Reuters)

Monday, October 19, 2009 9:12:43 AM (W. Europe Standard Time, UTC+01:00)
 Monday, October 12, 2009

Security researchers are warning that Web-based applications are increasing the risk of identity theft or losing personal data more than ever before.

The best defense against data theft, malware and viruses in the cloud is self defense, researchers at the Hack In The Box (HITB) security conference said. But getting people to change how they use the Internet, such as what personal data they make public, won't be easy.

 

(Source: PCWorld)

Monday, October 12, 2009 2:15:17 PM (W. Europe Standard Time, UTC+01:00)
 Friday, October 09, 2009

Scammers have grabbed the Hotmail passwords that leaked to the Web and are using them in a plot involving a fake Chinese electronics seller to bilk users out of cash and their credit card information, a security researcher said.

"We've seen a 30% to 40% increase in these types of spam messages in the last several days," said Patrik Runald, senior manager of Websense's security research team. "By 'these types of spam,' I mean messages that are advertising great consumer electronics bargains, such as cameras and computers."

 

(Source: ComputerWorld)

Friday, October 09, 2009 2:08:26 PM (W. Europe Standard Time, UTC+01:00)

The head of the U.S. Federal Bureau of Investigation has stopped banking online after nearly falling for a phishing attempt. FBI Director Robert Mueller said he recently came "just a few clicks away from falling into a classic Internet phishing scam" after receiving an e-mail that appeared to be from his bank.

In phishing scams, criminals send spam e-mails to their victims, hoping to trick them into entering sensitive information such as usernames and passwords at fake Web sites.

 

(Source: ComputerWorld)

Friday, October 09, 2009 8:08:12 AM (W. Europe Standard Time, UTC+01:00)
 Thursday, October 08, 2009

Investigators in the United States and Egypt have smashed a computer "phishing" identity theft scam described as the biggest cyber-crime investigation in US history, officials said Wednesday.

The Federal Bureau of Investigation said 33 people were arrested across the United States early Wednesday while authorities in Egypt charged 47 more people linked to the scam. A total of 53 suspects were named in connection with the scam in a federal grand jury indictment, the FBI said.

 

(Source: AFP)

Thursday, October 08, 2009 9:28:26 AM (W. Europe Standard Time, UTC+01:00)
 Thursday, October 01, 2009

It's your birthday. And thanks to your Facebook profile, everybody knows that. Your wall fills up with well wishes from hundreds of "friends." Sure, it's nice to be noticed. But security experts are skeptical about whether sharing information, such as birthdays, with a broad audience is a bright idea. "It's all about providing the bad guy with intelligence," said Robert Siciliano, CEO of IDtheftsecurity.com.

Many people use their birthdate in passwords and personal identification numbers, and security questions often ask for it to resend a lost password. So broadcasting a birthdate could help cybercriminals pose as others as they log on to various Web sites, experts warned.

 

(Source: CNN)

Thursday, October 01, 2009 10:49:51 AM (W. Europe Standard Time, UTC+01:00)
 Tuesday, September 29, 2009

Web surfing is no longer a solo affair. Facebook, Twitter, and other social networks have quickly become an integral part of the online culture, and with them comes a whole new array of potential security threats.

Social networking is built on the idea of sharing information openly and fostering a sense of community. Unfortunately, an online network of individuals actively sharing their experiences and seeking connections with other like-minded people can be easy prey for hackers bent on social-engineering and phishing attacks. It's important to be aware of the threats, and to maintain a healthy skepticism in your online interactions.

 

(Source: ComputerWorld)

Tuesday, September 29, 2009 10:50:43 AM (W. Europe Standard Time, UTC+01:00)
 Friday, September 25, 2009

Many major social networking sites are leaking information that allows third party advertising and tracking companies to associate the Web browsing habits of users with a specific person, researchers warn.

That's the conclusion of a study on the leakage of personally identifiable information on social networks done at AT&T Labs and the Worcester Polytechnic Institute. "In some cases, the leakage may be unintentional, but in others, there is clever and surreptitious anti-privacy engineering at work," the EFF said.

 

(Source: ComputerWorld)

Friday, September 25, 2009 12:29:03 PM (W. Europe Standard Time, UTC+01:00)
 Tuesday, September 15, 2009

A computer hacker who was once a federal informant and was a driving force behind one of the largest cases of identity theft in U.S. history pleaded guilty Friday in a deal with prosecutors that will send him to prison for up to 25 years.

Albert Gonzalez, 28, of Miami, admitted pulling off some of the most prominent hacking jobs of the decade. Federal authorities say tens of millions of credit and debit card numbers were stolen. Gonzalez entered guilty pleas in U.S. District Court in Boston to 19 counts of conspiracy, computer fraud, wire fraud, access device fraud and aggravated identity theft.

 

(Source: AP)

Tuesday, September 15, 2009 8:22:56 AM (W. Europe Standard Time, UTC+01:00)
 Friday, September 11, 2009

A third of Web users under 25 claim they don't care about their "digital tattoo" and the items they post online, says Symantec. Symantec said a "digital tattoo" is created by all the personal information web users post online and can easily be found through search engines by a potential or current employer, friends and acquaintances, or anyone who has malicious intent.

The security firm revealed that nearly two-thirds of all those surveyed had uploaded personal photographs, while 79 percent had at least part of their address online and nearly half had their mobile phone numbers online.

 

(Source: PCWorld)

Friday, September 11, 2009 9:57:23 AM (W. Europe Standard Time, UTC+01:00)
 Tuesday, September 01, 2009

If Google Inc. digitizes the world's books, how will it keep track of what you read? That's one of the unanswered questions that librarians and privacy experts are grappling with as Google attempts to settle a long-running lawsuit by publishers and copyright holders and move ahead with its effort to digitize millions of books, known as the Google Books Library Project.

Librarians and the online world have different standards for dealing with user information. Many libraries routinely delete borrower information, and organizations such as the American Library Association have fought hard to preserve the privacy of their patrons.

 

(Source: ComputerWorld)

Tuesday, September 01, 2009 10:07:21 AM (W. Europe Standard Time, UTC+01:00)
 Monday, August 31, 2009

Facebook has agreed to make worldwide changes to its privacy policy as a result of negotiations with Canada's privacy commissioner. Last month the social network was found to breach Canadian law by holding on to users' personal data indefinitely.

It will also make it clear that users can deactivate or delete their account. "These changes mean that the privacy of 200 million Facebook users in Canada and around the world will be far better protected," said Canadian privacy commissioner Jennifer Stoddart.

 

(Source: BBC)

Monday, August 31, 2009 9:43:45 AM (W. Europe Standard Time, UTC+01:00)
 Thursday, August 27, 2009

Users of social networks are concerned about security but few are taking the steps necessary to protect themselves against online crime, according to a survey released on Wednesday.

Nearly 20 percent of those surveyed said they have experienced identity theft, 47 percent have been victims of malware infections and 55 percent have seen "phishing" attacks, in which hackers seek to capture password information. They also suggested that passwords be changed at least once a month and that friends or coworkers not be allowed to access one's personal computer.

 

(Source: AFP)

Thursday, August 27, 2009 8:54:09 AM (W. Europe Standard Time, UTC+01:00)
 Wednesday, August 26, 2009

Internet criminals might be rethinking a favorite scam for stealing people's personal information. A report being released Wednesday by IBM Corp. shows a big drop in the volume of "phishing" e-mails, in which fraud artists send what looks like a legitimate message from a bank or some other company. If the recipients click on a link in a phishing e-mail, they land on a rogue Web site that captures their passwords, account numbers or any other information they might enter.

To protect yourself against phishing, access sensitive sites on your own, rather than by following links in e-mails, which might lead to phishing sites.

 

(Source: AP)

Wednesday, August 26, 2009 10:06:30 AM (W. Europe Standard Time, UTC+01:00)
 Monday, August 24, 2009

Albert Gonzalez, the man described by federal authorities as the kingpin of a gang responsible for stealing more than 130 million payment cards, is a computer addict constantly looking for ways to challenge his abilities, according to his lawyer. He has had an unhealthy obsession with computers since the age of 8. "He was self-taught. He didn't go out in the sandbox or play baseball. The computer was his best friend."

"It wasn't healthy. It's a sickness. It's a problem that has not been addressed in our society."

 

(Source: ComputerWorld)

Monday, August 24, 2009 3:23:25 PM (W. Europe Standard Time, UTC+01:00)
 Thursday, August 20, 2009

A Canadian model has won a landmark case in a New York court after Google was forced to disclose the online identity of a blogger who anonymously posted derogatory comments about the Vogue covergirl. The ruling came after Liskula Cohen, 36, filed suit in a bid to unmask the identity of her tormentor, who posted suggestive photographs of Cohen on the blog and described her as a "ho" and a "psychotic, lying, whoring... skank."

Google said that while the company does not tolerate "cyber bullying" it is also respectful of privacy. "We sympathize with anyone who may be the victim of cyber bullying,"

 

(Source: AFP)

Thursday, August 20, 2009 10:46:08 AM (W. Europe Standard Time, UTC+01:00)
 Wednesday, August 19, 2009

US prosecutors have charged a man with stealing data relating to 130 million credit and debit cards. Officials say it is the biggest case of identity theft in American history.

They say Albert Gonzalez, 28, and two un-named Russian co-conspirators hacked into the payment systems of retailers, including the 7-Eleven chain. Prosecutors say they aimed to sell the data on. If convicted, Mr Gonzalez faces up to 20 years in jail for wire fraud and five years for conspiracy.

 

(Source: BBC)

Wednesday, August 19, 2009 8:24:59 AM (W. Europe Standard Time, UTC+01:00)
 Monday, August 17, 2009

A researcher looking into the attacks that knocked Twitter offline last week discovered another, unrelated security problem. At least one criminal was using a Twitter account to control a network of a couple hundred infected personal computers, mostly in Brazil.

Networks of infected PCs are referred to as "botnets" and are responsible for much of the mayhem online, from identity theft to spamming to the types of attacks that crippled Twitter. A Twitter account was used to send out what looked like garbled messages, but they were actually commands for computers in a botnet to visit malicious Web sites, where they download programs that steal banking passwords.

 

(Source: AP)

Monday, August 17, 2009 9:00:16 AM (W. Europe Standard Time, UTC+01:00)
 Thursday, July 30, 2009

Facebook, MySpace and other social networking sites are increasingly being targeted by cyber-criminals drawn to the wealth of personal information supplied by users, experts warn. Data posted on the sites -- name, date of birth, address, job details, email and phone numbers -- is a windfall for hackers, participants at Campus Party, one of the world's biggest gatherings of Internet enthusiasts, said.

A vicious virus, Koobface -- "koob" being "book" in reverse -- has affected thousands of Facebook and Twitter users since August 2008, said Asier Martinez, a security specialist at global IT solutions provider Panda Security.

 

(Source: AFP)

Thursday, July 30, 2009 4:06:24 PM (W. Europe Standard Time, UTC+01:00)
 Wednesday, July 22, 2009

The popularity of Facebook and other popular social networking sites has given hackers new ways to steal both money and information, the security company Sophos said in a report released on Wednesday.

About half of all companies block some or all access to social networks because of concerns about cyber incursions via the sites, according to the study. "Research findings also revealed that 63 percent of system administrators worry that employees share too much personal information via their social networking sites, putting their corporate infrastructure -- and the sensitive data stored on it -- at risk," the Sophos report said.

 

(Source: Reuters)

Wednesday, July 22, 2009 10:07:45 AM (W. Europe Standard Time, UTC+01:00)
 Friday, July 10, 2009

New York's attorney general charged Thursday that Tagged.com stole the identities of more than 60 million Internet users worldwide — by sending e-mails that raided their private accounts. Andrew Cuomo said he plans to sue the social networking Web site for deceptive marketing and invasion of privacy.

"This company stole the address books and identities of millions of people," Cuomo said in a statement. "Consumers had their privacy invaded and were forced into the embarrassing position of having to apologize to all their e-mail contacts for Tagged's unethical — and illegal — behavior."

 

(Source: AP)

Full story

AP

Friday, July 10, 2009 1:48:37 PM (W. Europe Standard Time, UTC+01:00)  #     | 
 Wednesday, July 01, 2009

A blind Boston-area teenager was sentenced to more than 11 years in prison Friday for hacking into the telephone network and harassing the Verizon investigator who was building a case against him.

Matthew Weigman, 19, was part of a group of telephone hackers that met up on telephone party lines and was associated with more than 60 "swatting" calls to 911 numbers across the country. Weigman, known as "Little Hacker," became involved in telephone hacking around age 14 and continued to operate until last year.

 

(Source: PCWorld)

Full story

PCWorld

Wednesday, July 01, 2009 8:20:43 AM (W. Europe Standard Time, UTC+01:00)  #     | 
 Tuesday, June 16, 2009

A federal grand jury in New Jersey today indicted three people, and five people were arrested in Italy, all in connection with hacking into the IT systems of thousands of companies around the world to gain free access to telephone services, according to the U.S. Attorney's Office in Newark, N.J.

A multinational team of investigators worked jointly to round up the alleged hackers and their financial backers in the scheme to gain access into the systems of many companies -- 2,500 in the U.S. alone -- to steal access codes that the victim companies used to route phone calls through telecom systems, the office said.

The value of all the stolen services was unclear, though the U.S. Attorney's Office said the thieves routed more than $55 million worth of telephone calls over telecommunications networks in the U.S. "This was an extensive and well-organized criminal network that worked across continents," said New Jersey's acting U.S. attorney, Ralph J. Marra Jr., in a statement.

 

(Source: ComputerWorld)

Full story

ComputerWorld

Tuesday, June 16, 2009 10:15:17 AM (W. Europe Standard Time, UTC+01:00)  #     | 
 Monday, June 15, 2009

Every time you swipe your credit card and wait for the transaction to be approved, sensitive data including your name and account number are ferried from store to bank through computer networks, each step a potential opening for hackers.

And while you may take steps to protect yourself against identity theft, an Associated Press investigation has found the banks and other companies that handle your information are not being nearly as cautious as they could be. The government leaves it to card companies to design security rules that protect the nation's 50 billion annual transactions.

 

(Source: AP)

Full story

AP

Monday, June 15, 2009 2:26:32 PM (W. Europe Standard Time, UTC+01:00)  #     | 
 Thursday, June 11, 2009

The continuing fallout from a hacking incident at U.K.-based Web hosting company VAserv should serve as a powerful reminder that companies need proper data backup and disaster recovery procedures.

The incident, which could result in a fire sale of VAserv to another hosting provider, is also an especially stark example of the kind of havoc that a malicious attacker can wreak on businesses.

Late Sunday, an unknown hacker or hackers attacked VAserv's virtual server infrastructure and deleted about 100,000 sites, or about half of those being hosted by the company, according to The Register.

 

(Source: ComputerWorld)

Full story

ComputerWorld

Thursday, June 11, 2009 2:54:36 PM (W. Europe Standard Time, UTC+01:00)  #     | 

In Beijing, a lawyer has demanded a public hearing to reconsider a government demand that all new personal computers carry Internet filtering software, adding to uproar over a plan critics say is ineffective and intrusive.

(Source: Reuters)

Full Article

Thursday, June 11, 2009 9:23:27 AM (W. Europe Standard Time, UTC+01:00)  #     | 
 Wednesday, June 10, 2009
The takedown last week of a rogue ISP by the U.S. Federal Trade Commission (FTC) slashed spam volumes by about 15% and reduced the spam spewed by a pair of big-name botnets by as much as to just 64%, a security firm said today.

"Spam dropped 15% across the board," said Bradley Anstis, director of technology strategy at Marshal8e6. "We especially noticed [the drop] over the weekend," he said, adding that the decline picked up steam slowly.

Last Tuesday, a federal court ordered the plug pulled on 3FN, an ISP operated by Belize-based Pricewert, after the FTC complained that the company hosts spam botnet command-and-control servers, as well as sites operated by child pornographers, identity thieves and other criminals.

 

(Source: ComputerWorld)

Full story

ComputerWorld

Wednesday, June 10, 2009 3:42:17 PM (W. Europe Standard Time, UTC+01:00)  #     | 
 Tuesday, June 09, 2009

A Hampton, New Hampshire, man has pleaded guilty to fraud charges for his role in a scheme to empty brokerage accounts by installing malicious Trojan horse software on victims' computers.

According to court documents, Alexey Mineev set up several "drop accounts" that were then wired funds stolen from banking and brokerage accounts between July and December 2007. He pleaded guilty to one count of money laundering on Wednesday, according to Mike Ruocco, deputy to Judge Paul Gardephe of the U.S. District Court for the Southern District of New York, who is presiding in the case.

The criminals would infect PCs with malicious Trojan software that would steal account numbers and passwords whenever victims logged into their accounts online.

 

(Source: ComputerWorld)

Full story

ComputerWorld

Tuesday, June 09, 2009 8:02:00 AM (W. Europe Standard Time, UTC+01:00)  #     | 
 Monday, June 01, 2009

Accessing your bank account using your mobile phone might seem safe, but security experts say would-be hackers can access confidential information via a simple text message seemingly from your service provider.

People in the industry aware of the risk see it as extremely small, as only a few people use handsets to access their bank accounts, but it is growing as mobile Internet usage rises.

 

(Source: Reuters)

Full story

Reuters website

Monday, June 01, 2009 2:51:59 PM (W. Europe Standard Time, UTC+01:00)  #     | 
 Thursday, May 28, 2009

ID theft victims are much more likely to get hit with fraudulent charges on their credit cards or debit cards, according to a new study from the Identity Theft Resource Center that tracks the effects of ID theft.

While repairing the damage from ID theft involves some cost for things like police reports, photocopying, travel, etc., ranging from an average of $739 for dealing with damage done to an existing account to $951 to fix the aftermath of a fraudulently opened new account, the real pain comes from the time spent dealing with the mess. It took 58 hours on average to deal with ID theft involving existing accounts, and a painful 165 hours for new accounts, the study found.

 

(Source: PCWorld)

Full story

PCWorld website

Thursday, May 28, 2009 10:18:09 AM (W. Europe Standard Time, UTC+01:00)  #     | 
 Thursday, May 21, 2009

Identity thieves that hit Facebook last week with a new round of phishing attacks are harvesting passwords for profit.

The newest Facebook attacks resemble previous phishing rounds in their tactics: A compromised account sends a malicious link to friends. That link leads to a site that mimics the legitimate log-in page. But users duped into entering their usernames and passwords are likely giving away more than just their Facebook credentials.

"It's not surprising that they're targeting Facebook," said Kevin Haley, a director on Symantec's security response team. "Facebook has, what, 200 million-plus users? The bad guys always go where there's a lot of people."

 

(Source: PCWorld)

Full story

PCWorld website

Thursday, May 21, 2009 4:16:57 PM (W. Europe Standard Time, UTC+01:00)  #     | 
 Wednesday, May 13, 2009

"In a document that outlines a Digital Japan Creation Project, dubbed the ICT Hatoyama Plan, Japan’s Ministry of Internal Affairs and Communications revealed plans to build a massive cloud computing infrastructure to support all of the government’s IT systems. Called tentatively the Kasumigaseki Cloud, the new infrastructure will be built in stages from now until 2015."

"The goal of the project is to consolidate all government IT systems into a single cloud infrastructure to improve operation efficiency and reduce cost. 'The Kasumigaseki Cloud will enable various ministries to collaborate to integrate and consolidate hardware and create platforms for shared functions,' according to MIC. 'Efforts will be made to efficiently develop and operate information systems with the aim of greatly reducing electronic government–related development and operating costs while increasing the pace of processing by integrating shared functions, increasing collaboration among systems, and providing secure and advanced governmental services.'"

According to the MIC, the Kasumigaseki Cloud will eliminate the need for individual ministries to maintain their own IT systems by consolidating current data centres, and allow each ministry to use only the computer resources necessary through the cloud platform. Additional proposals were put forth to develop and implement ubiquitous Green ICT solutions, including initiatives like the Kasumigaseki Cloud, boost ICT human resources, and the creation of 'safe and secure networks' for the public.

Read the full story on Green Telecom here.

This blog entry was shared through Bill St Arnaud's blog spot

Wednesday, May 13, 2009 6:37:25 PM (W. Europe Standard Time, UTC+01:00)  #     | 
 Friday, April 10, 2009

ITU is pleased to announce the launch of its 2009 Cybersecurity and ICT Applications Essay Competition.

The 2009 ITU Cybersecurity and ICT Applications Essay Competition is open to current students and recent graduates in economics, political science, law, literature, telecommunications, computer science, information systems and related fields between the ages of 20 and 30 years old. The winners of the 2009 Essay Competition will be offered the opportunity of a consultancy contract within the ITU Development Sector's ICT Applications and Cybersecurity Division for three months. The winners will be given a contribution towards the cost of an economy class flight from their place of residence. In addition, they will be paid the sum of CHF 6000 towards living expenses for the duration of the contract.

To enter the competition you need to submit an essay on one of the following essay topics:

  • Mobiles for Development: Enabling Low-Cost e-Applications for Rural and Remote Areas (e-Health, e-Government, e-Environment)
  • Protecting Children and Youth in the Internet and Mobile Age: Innovative Technical and Social Solutions
  • Connecting the World Responsibly: Empowering Women and Girls Through Creative Uses of ICTs
  • Personal Information Online (internet/mobiles): Responding to User Safety Concerns

All applications should be submitted online through the competition website.

The deadline for applications is 14 June 2009.

We look forward to reviewing your applications and wish you the best of luck in the competition!

 

Friday, April 10, 2009 7:17:37 AM (W. Europe Standard Time, UTC+01:00)  #     | 
 Thursday, February 26, 2009

The Anti]Phishing Working Group (APWG) and IPC has released a new idustry advisory document titled: "What to do if your site has been hacked by phishers". The purpose of the document is to provide website owners with specific actions they can take when they have been notified that their website or webserver has been infiltrated and used for phishing.

The document notes that "Some phishers use compromised computers to host malicious or illegal activities, including identity theft, fraudulent financial activities, as well as collecting personal information and business identities from their victims for future use. Others attack or 'hack' into and gain administrative control over the legitimate web sites of businesses and organizations of all sizes. Such hacked web sites disguise the bad acts the phishers perform. More importantly, web site hackers are fully aware that the web sites they hack and 'own' are reputably legitimate."

"Law enforcement and anti]phishing responders respect and operate under established business, technical, and legal constraints when they seek to remedy or take down hacked web sites. These measures protect legitimate web site operators but unfortunately serve the attacker as well by extending the duration of the attack. The Anti]Phishing Working Group (APWG) offers this document as a reference guide for any web site owner or operator who suspects, discovers, or receives notification that its web site is being used to host a phishing site. The document explains important incident response measures to take in the areas of identification, notification, containment, recovery, restoration, and follow]up when an attack is suspected or confirmed. This document serves a guideline for web site owners."

See the full APWG "What to do if your site has been hacked by phishers" Industry Advisory here.

Thursday, February 26, 2009 8:06:25 AM (W. Europe Standard Time, UTC+01:00)  #     | 
 Thursday, March 13, 2008

Time Warner's AOL Internet Division is buying the social networking site Bebo for $850m cash.

Social networking sites are valuable to online advertisers because the information posted by members lets advertisers target them with the products and services that match their profiles.

Bebo is reported to have 40 million members worldwide, many of whom are within the 13-24 year old age range and thus attractive to advertisers. ComScore reports that Bebo is the UK's second most popular social networking site after Facebook. In the US, Bebo is the third biggest social networking site, after MySpace and Facebook. ComScore reports that Bebo is the world's ninth most popular social site.

Read full article at bbc website.

Thursday, March 13, 2008 3:37:22 PM (W. Europe Standard Time, UTC+01:00)  #     | 
 Monday, March 03, 2008

The UK industry watchdog, the Press Complaints Commission (PCC), will undertake an investigation into the use of material taken from personal profiles on social networks by newspapers.

Tim Toulmin, director of the PCC, has said that his organisation had received complaints from people about material "that is being re-published when they themselves are the subject of news stories", and suggests that guidelines are necessary in order to guide the press in their use of social network content. Due to the present lack of boundaries, the PCC has commissioned Ipsos MORI to conduct research into public attitudes. In addition, Mr Toulmin points out that social networking sites have a responsibility to advise their users about the implications of uploading personal information to public or semi-private spaces, and goes one step further, saying, "...the press do have obligations over and above those that govern the online community".

However, Bob Satchwell, Director of the Society of Editors stated that the press should be subject to the same regulation as the public.

The recent media interest in the large number of suspected suicides among young people in Bridgend, UK, has caused concern about the way social network profiles were being used by journalists.

The British Journal of Photography has stated that the publication of images on social networks does not automatically grant rights to republish photographs elsewhere.

Read full article on BBC website

Monday, March 03, 2008 12:26:19 PM (W. Europe Standard Time, UTC+01:00)  #     | 
 Friday, February 15, 2008

Once more there is controversy over a new database due to go online in September 2008, which will hold the school records of all UK school pupils aged 14 years and over. Amid security concerns from a number of sources, the British government is under pressure not to implement it.

The Learning and Skills Council (LSC) insists that it is not a "tracking system" and would in fact be using existing information that had been collected a number of times already. David Russell, national director of resources at the LSC, said "It will only hold factual information such as name, surname, age, postcode, qualifications achieved and courses attended."

Under the Managing Information Across Partners (MIAP) system - to be launched on Thursday 21st February 2008 by Higher Education Minister Bill Rammell - the number will stay with them until they retire.

However, the data security watchdog, the Information Commissioner, stated that no database could be totally secure, and a spokesman added, "We have provided advice and assistance to help ensure that this system is watertight and secure - but no system is immune to human error and breaches can and do occur..."

Last year, the British government put another planned database of children, ContactPoint, on hold, pending a security review and changes to the system including its access controls. ContactPoint is designed for use by child protection agencies. The review was ordered after the loss by HM Revenue and Customs of two discs containing the personal and bank details of 25 million people.

Read full article at the BBC News website

Friday, February 15, 2008 4:36:42 PM (W. Europe Standard Time, UTC+01:00)  #     | 
 Monday, September 17, 2007

The Wall Street Journal Online reports on the five-year sentence given to Irving Escobar, a ringleader in a TJX Cos.-linked credit-card fraud. He "was sentenced to five years in prison and has been ordered to pay nearly $600,000 in restitution for damages resulting from stolen financial information, Florida officials said. The sentencing follows a guilty plea by Mr. Escobar, 19 years old, of Miami, to charges that he participated in a 10-person operation that used counterfeit cards bearing the stolen credit-card data of hundreds of TJX customers to purchase approximately $3 million in goods and gift cards."

Read more on this news article here.

Monday, September 17, 2007 11:22:03 AM (W. Europe Standard Time, UTC+01:00)  #     | 
 Wednesday, September 12, 2007

A Swedish security researcher, Dan Egerstad, has recently revealed how he collected 100 passwords from embassies and governments worldwide by sniffing Tor exit routers. Egerstad explains on his blog how he did it, and calls attention to and re-iterates the lack of appreciation for cybersecurity among organizations worldwide.

Read related article on Ars Technica here.

Wednesday, September 12, 2007 7:58:16 AM (W. Europe Standard Time, UTC+01:00)  #     | 
 Wednesday, September 05, 2007

Security firm Sunbelt recently discovered that the Bank of India's hacked website was serving dangerous malware, and the infamous Russian Business Network, an ISP linked to child pornography and phishing, is behind the attack. The service provider in question has developed a notorious reputation. According to VeriSign threat intelligence analyst Kimberly Zenz, the Russian Business Network (RBN) is different to other service providers because "unlike many ISPs that host predominately legitimate items, RBN is entirely illegal. A scan of RBN and affiliated ISPs' net space conducted by VeriSign iDefense analysts failed to locate any legitimate activity. Instead, [our] research identified phishing, malicious code, botnet command-and-control, denial-of-service attacks and child pornography on every single server owned and operated by RBN."

Patrik Runald, senior security specialist at F-Secure, said: "No one knows who the RBN is. They are a secret group based out of St Petersburg that appears to have political connections. The company doesn't legitimately exist. It's not registered and provides hosting for everything that's bad. Their network infrastructure is behind a lot of the bad stuff we're seeing and it has connections to the MPack Group [a well-known group of cybercriminals which used MPack software to steal confidential data]." Runald said that, in the case of the Bank of India's hacked website, RBN used an Iframe to launch another window which then pushed victims to a webpage containing malicious code. The Trojans used in this case were designed to steal passwords from PCs and upload Trojan proxies in aid of developing a botnet.

Read the full article on ZDNet.co.uk.

Wednesday, September 05, 2007 11:28:53 AM (W. Europe Standard Time, UTC+01:00)  #     | 

BBC News reports that, according to security experts, malicious hackers are producing easy-to-use tools that automate attacks on computers, ranging from individual viruses to comprehensive kits that let budding cyber thieves craft their own attacks. The top hacking tools may cost up to £500, with some providing 12 months of technical support. Tim Eades from security company Sana said that malicious hackers had evolved over the last few years and were now selling the tools they used to use to the growing numbers of cyber thieves. Individual malicious programs cost up to £17 (25 euros), he said. At the top end of the scale, said Mr Eades, were tools like the notorious MPack, which costs up to £500. The regular updates for the software ensure it uses the latest vulnerabilities to help criminals hijack PCs via booby-trapped webpages. It also includes a statistical package that lets owners know how successful their attack has been and where victims are based. MPack has been very popular among criminally minded groups and in late June 2007 managed to subvert more than 10,000 websites in one attack that drew on the tool.

Paul Henry, vice president of Secure Computing, said there were more than 68,000 downloadable hacking tools in circulation. The majority were free to use and took some skill to operate, but a growing number, such as MPack, Shark 2, Nuclear, WebAttacker, and IcePack, were offered for sale to those without the technical knowledge to run their own attacks. Mr Henry said the tools were proving useful because so many vulnerabilities were being discovered and were taking so long to be patched. Many hacking groups were attracted to selling the kits because it meant they took little risk themselves if the malicious software was used to commit crimes. "The only thing you are going to find is a disclaimer that this was distributed for educational purposes and the user accepts any responsibility for any misuse," he said.

To read full article, click here.

Wednesday, September 05, 2007 11:12:11 AM (W. Europe Standard Time, UTC+01:00)  #     | 
 Friday, July 20, 2007

The OECD Committee for Information, Computer and Communications Policy (ICCP), through its Working Party on Information Security and Privacy (WPISP), has developed the Recommendation on Electronic Authentication and the Guidance for Electronic Authentication. The project was made possible with the participation of Jane Hamilton from Industry Canada and with the support of delegates from Australia, France, Hungary, Korea, Norway, the United States, the OECD Secretariat and the Business and Industry Advisory Committee (BIAC) to the OECD. On 12 June 2007, the OECD Council adopted the Recommendation, and the Guidance for Electronic Authentication was adopted by the ICCP Committee in April and declassified on 12 June 2007 by the OECD Council.

The Recommendation encourages efforts by OECD member countries to establish compatible, technology-neutral approaches for effective domestic and cross-border electronic authentication of persons and entities. It also reaffirms the important role of electronic authentication in fostering trust online and the continued development of the digital economy.

The OECD Guidance on Electronic Authentication aims to assist OECD member countries and non-member economies in establishing or amending their approaches to electronic authentication with a view to facilitating cross-border authentication. The Guidance sets out the context and importance of electronic authentication for electronic commerce, electronic government and many other social interactions. It provides a number of foundation and operational principles that constitute a common denominator for cross-jurisdictional interoperability.

Both the Recommendation and the Guidance conclude a work stream initiated in response to the "Declaration on Authentication for Electronic Commerce" adopted by Ministers at the Ottawa Ministerial Conference held on 7-9 October 1998 and serve as a bridge to future OECD work on identity management.

The ITU Telecommunication Standardization Sector with its Focus Group on Identity Management (FG IdM) works to facilitate the development of a generic Identity Management framework, by fostering participation of all telecommunications and ICT experts on Identity Management. To read more about the ITU-T FG IdM activities, go here.

Read the full article on the OECD Recommendation on Electronic Authentication and the Guidance for Electronic Authentication here.

Friday, July 20, 2007 9:58:44 AM (W. Europe Standard Time, UTC+01:00)  #     | 
 Friday, October 27, 2006

"Authentication processes can contribute to the protection of privacy by reducing the risk of unauthorized disclosures, but only if they are appropriately designed given the sensitivity of the information and the risks associated with the information. Overly rigorous authentication process, or requiring individuals to authenticate themselves unnecessarily, can be privacy intrusive."

The Office of the Privacy Commissioner of Canada recently released new Guidelines for Identification and Authentication. The Guidelines are intended to help organizations develop appropriate identification and authentication processes in ways that respect the fair information practices in the Personal Information Protection and Electronic Documents Act (PIPEDA) and ensure compliance with its security provisions by providing the strongest protection for customers’ personal information. The scope of the document is limited to identification and authentication techniques between organizations and individuals.

These guidelines, released by the Canadian Privacy Commissioner, are a good document discussing both privacy risks and security threats.

See also a more detailed document published by Industry Canada in 2004 named "Principles for Electronic Authentication".

This article was accessed through Schneier's blog: Schneier on Security.

Friday, October 27, 2006 4:02:05 PM (W. Europe Standard Time, UTC+01:00)  #     |