International Telecommunication Union   ITU
 
 
 Tuesday, December 18, 2007

ITU, in collaboration with ictQATAR and Q-CERT, will be hosting a workshop on 18-21 February 2008 entitled Regional Workshop on Frameworks for Cybersecurity and Critical Information Infrastructure Protection (CIIP) and a Cybersecurity Forensics Workshop. The workshops will be held in Doha, Qatar.

The description of the event, draft agenda, invitation letter, and registration form for meeting participants are available on the event website.

Contact cybmail(at)itu.int with any general queries you may have related to the workshop.

Tuesday, December 18, 2007 5:33:04 PM (W. Europe Standard Time, UTC+01:00)
 Monday, December 17, 2007

A presentation on "Measuring National Cybersecurity Readiness" has been posted online today on the ITU-D ICT Applications and Cybersecurity Division (CYB) website. The presentation by Robert Shaw, head of the ICT Applications and Cybersecurity division, provides background information and resources on cybersecurity, information on related ITU-D activities and initiatives, and other relevant activities. For more information on CYB's activities involving cybersecurity, visit the division website.

Monday, December 17, 2007 5:25:52 PM (W. Europe Standard Time, UTC+01:00)
 Friday, December 14, 2007

According to McAfee, the website of the French Embassy in Libya is currently under attack through IFRAME injection. The visit by Libyan President Muammar Khadafi in the country is stirring up controversy, which has apparently triggered the interest of the people behind the attack. The iframe routes the victim to sites hosted by a Hong Kong provider, then redirects the victim to Russia and Ukraine, where exploits and downloaders are used (Exploit-YIMCAM and downloader-AUD). McAfee warns people not to attempt to reach the site, as it is still dangerous.

For more information, visit the McAfee Blog.

Friday, December 14, 2007 10:12:11 AM (W. Europe Standard Time, UTC+01:00)
 Thursday, December 13, 2007

The International Telecommunication Union (ITU) highlighted the role played by information and communication technologies (ICTs) as both a cause and a potential cure for climate change at the UN Conference on Climate Change in Bali, Indonesia, on 12 December.

ICTs can be used for remote monitoring of climate change and the gathering of crucial scientific data such as using telemetry or remote sensing by satellite. Smart and emerging technologies can be integrated into energy-efficient products, notably in next-generation networks (NGN) where ITU's Standardization sector (ITU-T) is carrying out vital specialized work.

Activities at ITU's Development Sector (ITU-D) involve promoting a role for information and communications technologies in the protection of the environment, together with partners from other international organizations and the industry. ITU-D also provides assistance to developing countries in emergency telecommunications as well as in the area of e-waste.

At the UN Conference, ITU raised awareness of the standby services of ICT equipment such as computers and PC screens, DVD players, TVs and battery chargers, which place a burden on energy consumption. "Always-on" services, like broadband or mobile phones on standby, have increased energy consumption compared with fixed-line telephones, which do not require an independent power source.

ITU underlined an active commitment to promote the use of ICTs as a positive force to reduce greenhouse emissions and to find ways to mitigate the effects of climate change. In this regard, ITU can support and facilitate scientific studies aimed at implementation of new measures against the negative effects of climate change. As part of a unified effort of the UN system, ITU can contribute in its areas of expertise to support Member States and to foster partnerships with the private sector to develop more energy-efficient technologies.

For more information, click here.

Thursday, December 13, 2007 12:59:57 PM (W. Europe Standard Time, UTC+01:00)
 Tuesday, December 11, 2007

PC Tools recently discovered a social-engineering attack that uses trickery rather than a software flaw to access victims' valuable information. It is a new program that can mimic online flirtation and then extract personal information from its unsuspecting conversation partners. The program is believed to be making the rounds in Russian chat forums such as CyberLover. According to PC Tools, the "bot" cannot be easily distinguished from a real potential suitor, and the software can work quickly, establishing up to 10 relationships in 30 minutes. It then compiles a report on every person it meets, complete with name, contact information, and photos, which may then be made available for fraudulent activities. "Although the program is currently targeting Russian Web sites, PC Tools is urging people in chat rooms and social networks elsewhere to be on the alert for such attacks. Their recommendations amount to just good sense in general, such as avoiding giving out personal information and using an alias when chatting online."

Read the full article here.

Tuesday, December 11, 2007 10:00:31 AM (W. Europe Standard Time, UTC+01:00)
 Monday, December 03, 2007

Kelly Jackson Higgins, Senior Editor of Dark Reading, wrote about how cyberwarfare has evolved into a growing underground market. According to experts, international cyber-spying is considered the biggest threat for 2008, with the malware economy mimicking legitimate software markets. Malware suppliers are reportedly offering tools that make it easy for criminals with little technical know-how to commit their crimes, and many now advertise their 'products' and offer support services as a value-add. These, as well as cyber-spying trends, are among the many findings of McAfee's annual Virtual Criminology Report released on 29 November 2007. The report was based on input from more than a dozen security experts from NATO, the FBI, SOCA, The London School of Economics, and the International Institute for Counter-Terrorism.

"What struck me through most of this report is the threat is more evolutionary than revolutionary -- things we've talked about as potentially developing are now status quo," says David Marcus, senior research and communications manager for McAfee. "That's the disturbing part. Cyberwarfare, or state-sponsored malware, is business as usual." According to the report, what further concerns governments is that this malware, sold on the black market alongside a burgeoning market for zero-day exploits, can also be used to target government, banks or other sensitive infrastructure, such as the power grid.

Read the full article here.

Monday, December 03, 2007 11:25:11 AM (W. Europe Standard Time, UTC+01:00)

The CSI Survey 2007, the 12th of its kind, by the Computer Security Institute, aims to raise the level of security awareness, as well as help determine the scope of computer crime in the United States. This year’s results strongly suggest that mounting threats are beginning to materialize as mounting losses. The survey results are based on the responses of 494 computer security practitioners in U.S. corporations, government agencies, financial institutions, medical institutions and universities.

Among the key findings from this year’s survey are:

  • The average annual loss reported in this year’s survey shot up to $350,424 from $168,000 the previous year. Not since the 2004 report have average losses been this high.
  • Almost one-fifth (18 percent) of those respondents who suffered one or more kinds of security incident further said they’d suffered a “targeted attack,” defined as a malware attack aimed exclusively at their organization or at organizations within a small subset of the general population.
  • Financial fraud overtook virus attacks as the source of the greatest financial losses. Virus losses, which had been the leading cause of loss for seven straight years, fell to second place. If separate categories concerned with the loss of customer and proprietary data are lumped together, however, then that combined category would be the second-worst cause of financial loss. Another significant cause of loss was system penetration by outsiders.
  • Insider abuse of network access or e-mail (such as trafficking in pornography or pirated software) edged out virus incidents as the most prevalent security problem, with 59 and 52 percent of respondents reporting each respectively.
  • When asked generally whether they’d suffered a security incident, 46 percent of respondents said yes, down from 53 percent last year and 56 percent the year before.
  • The percentage of organizations reporting computer intrusions to law enforcement continued upward after reversing a multi-year decline over the past two years, standing now at 29 percent as compared to 25 percent in last year’s report.

For the complete detailed survey results, click here.

Monday, December 03, 2007 10:28:54 AM (W. Europe Standard Time, UTC+01:00)

A Taxonomy of Privacy by Daniel J. Solove, an associate professor at the George Washington University Law School, won the Privacy Enhancing Technologies award 2006. This paper attempts to identify privacy problems in a comprehensive and concrete manner, and it aims to guide the law toward a more coherent understanding of privacy and to serve as a framework for the future development of the field of privacy law.

“Privacy is a concept in disarray,” Solove says. “Abstract incantations of ‘privacy’ are not nuanced enough to capture the problems involved. The law has often failed to adequately protect privacy, and privacy problems are frequently misconstrued or inconsistently recognised. Without an understanding of what the privacy problems are, how can privacy be addressed in a meaningful way?”

His taxonomy defines threats to privacy from the perspective of the individual, in four categories of potentially harmful activities — information collection, information processing, information dissemination and invasion. With the help of this more comprehensive taxonomy, Solove hopes that privacy considerations can be better recognised and balanced against opposing interests.

Read the full paper here.

Monday, December 03, 2007 10:02:12 AM (W. Europe Standard Time, UTC+01:00)
 Thursday, November 29, 2007

The United Nations Children’s Fund (UNICEF) reported on 26 November about the launch of 20 broadband-enabled teacher resource centres in the Maldives to help the Ministry of Education to provide quality education to every child of a population spread across 1,000 small islands.

Using information and communication technologies (ICTs) enables administrators and teachers to be part of one learning community across the country. Teachers can simultaneously receive online training and access and exchange information through the common network. Moreover, the internet and state-of-the-art technologies are intended to enhance interactive education and to increase the motivation of both students and teachers, as UNICEF noted.

Thursday, November 29, 2007 12:16:27 PM (W. Europe Standard Time, UTC+01:00)
 Wednesday, November 28, 2007

ITU, in collaboration with the Ministry of Communications and Information Technology of the Republic of Indonesia, is hosting a workshop on 28-30 November 2007 entitled ITU Regional Workshop on ICT Applications for Rural Communication Development. The workshop is held in Bali, Indonesia.

The description of the event, draft agenda, invitation letter, and practical information for meeting participants are available on the event website.

Wednesday, November 28, 2007 1:52:34 PM (W. Europe Standard Time, UTC+01:00)

Information and communications technologies (ICTs) are contributing to climate change, but can also provide problem-tackling tools, as the United Nations News Centre reported from a conference on the impact of ICTs on climate change organized by the UN Global Alliance for ICT and Development and AIT Global Inc., a global association of management and information technology professionals, on 27-28 November.

Experts and industry leaders highlighted that servers, personal computers and monitors account for more than 60 per cent of global ICT-related carbon emissions, and that product design, manufacturing and internal operations would be essential to minimizing emissions. Even though the paperless office environment has not yet been achieved, industry could develop energy-efficient appliances that shut down automatically when not being used. ICT could also improve the energy efficiency of all economic sectors, for example by diagnosing the carbon emissions of products or processes and suggesting their redesign.

To read the full article, click here.

Wednesday, November 28, 2007 10:55:57 AM (W. Europe Standard Time, UTC+01:00)

ENISA recently launched its latest Position Paper, "Botnets - The Silent Threat", a 12-page paper identifying roles and structures of criminal organizations for creating and controlling botnets, and trends in this type of cyber crime as well as online tools to identify and counter malicious code. ENISA points out that browser exploits account for more than 60% of all infections, email attachments for 13%, operating system exploits for 11%, and downloaded Internet files for 9%. It also emphasizes that the main problem is uninformed users. ENISA, thus, calls for "a more coordinated, cross country cooperation among multi-national law enforcement agencies, Internet Service Providers (ISPs) and software vendors" to combat botnets, and further adds that education of the everyday user is a key measure.

For further information, read ENISA's press release or access the full ENISA Position Paper.

Wednesday, November 28, 2007 10:00:12 AM (W. Europe Standard Time, UTC+01:00)
 Tuesday, November 27, 2007

USA Today reports on the current spam statistics and reiterates how spam continues to increase exponentially despite anti-spam software, filters and legislation. According to market researcher IDC, "the total number of spam e-mail messages sent worldwide, 10.8 trillion, will surpass the number of person-to-person e-mails sent, 10.5 trillion." Spam sent is also said to have reached 60 billion to 150 billion messages a day. As for phishing, the Anti-Phishing Working Group said new phishing sites soared to 30,999 as of July 2007, from 14,191 in July 2006. MessageLabs adds that one in 87 e-mails is now tagged as a phishing scam, compared with one in 500 a year ago.

The fight against spam has nonetheless expanded and grown too. Common filters available to users include the built-in spam defenses of Google's Gmail; social-networking sites such as Facebook and MySpace, which enable users to control who has access to their personal profile and to exchange e-mail with friends, family and business associates; and the phishing filters Microsoft provides in its Internet Explorer browser. In the same effort to stop spam, Yahoo, eBay and PayPal recently announced their use of DomainKeys, an e-mail-authentication technology. Other anti-spam technologies include CertifiedEmail from Goodmail Systems, a new breed of e-mail services, and Boxbe. "The multilayered-defense approach has worked to stop such scourges as image spam, which varied the content of individual messages — through colors, backgrounds, picture sizes or font types — to slip through spam filters. Image spam made up half of all spam in January. Since software makers came up with a solution, image spam has dropped to 8% of all spam, Symantec says."

Read the full article here.

Tuesday, November 27, 2007 2:23:14 PM (W. Europe Standard Time, UTC+01:00)
 Friday, November 23, 2007

A new research paper on the Russian Business Network (RBN), Russian Business Network - Additional Analysis, by David Bizeul has recently been published online. Bizeul spent the past three months researching the RBN, a virtual safe house for Russian criminals responsible for malicious code attacks, phishing attacks, child pornography and other illicit operations.

To read the paper, visit bizeul.org.
This paper is also available at the SANS Internet Storm Center website.

Friday, November 23, 2007 9:52:59 AM (W. Europe Standard Time, UTC+01:00)
 Monday, November 19, 2007

A presentation on Infrastructure and Applications for Large-Scale DNS Data Collection by Keith Mitchell, OARC Programme Manager, Internet Systems Consortium, given at AusCERT on 21 May 2007, is now available online. This presentation provides an introduction to the Internet Domain Name System (DNS), background information on OARC, and a wealth of domain statistics from OARC. The "Day in the Life of the Internet" (DITL) research project, which aims to improve "network science" by building up a baseline of regular Internet measurement data over 48-hour periods, was also discussed, as well as a case study on the Root Server DDoS Attack on 6 February 2007. For more information, visit the OARC website.

Monday, November 19, 2007 9:34:22 AM (W. Europe Standard Time, UTC+01:00)
 Wednesday, November 14, 2007

The Background Information on ITU Botnet Mitigation Toolkit is now available online and may be accessed on the ITU ICT Applications and Cybersecurity (CYB) Division's Botnet page. A PowerPoint presentation of the Project Overview is also available. For more relevant information, visit the CYB website.

Wednesday, November 14, 2007 4:17:51 PM (W. Europe Standard Time, UTC+01:00)

The UN International Strategy for Disaster Reduction (ISDR) on 15 November 2007 is launching PreventionWeb.net, a new website for increasing knowledge-sharing on natural disaster risk reduction issues. The website will feature news reports, publications, fact sheets, examples of best practices and country reports targeted to both the general public and specialists. Users can also search for information related to disaster risk reduction such as early warning, climate change, health, education, etc.

For more information, please click here.

Wednesday, November 14, 2007 2:53:11 PM (W. Europe Standard Time, UTC+01:00)
 Tuesday, November 13, 2007

The U.S. Center for Information Technology Leadership (CITL) conducted a study on The Value of Provider-to-Provider Telehealth Technologies. Assuming some specific healthcare settings such as emergency departments, correctional institutions, nursing homes and physician offices, the cost-benefit analysis focused on three technology systems, i.e. store-and-forward, real-time video, and a hybrid model combining the first two.

The CITL study found that benefits outweighed costs for all three systems, but the research organization recommends the hybrid model as the most cost-effective one for the U.S. The report is available at citl.org.

Tuesday, November 13, 2007 5:04:34 PM (W. Europe Standard Time, UTC+01:00)

John Kenneth Schiefer, a 26-year-old computer security consultant from Los Angeles, has admitted to hacking into computers entrusted to him to create a botnet of as many as 250,000 PCs, which he used to steal money from and identities of unsuspecting consumers and corporations. "Schiefer agreed to plead guilty to four felony charges in connection with the case and faces up to 60 years in prison and a $1.75-million fine, according to court documents filed Friday in federal court in Los Angeles." According to Assistant U.S. Atty. Mark Krause in Los Angeles, Schiefer is the first person to be accused under federal wiretapping law of operating a botnet.

Schiefer stole user names and passwords for eBay Inc.'s PayPal online payment service to make unauthorized purchases and passed the stolen account information on to others. According to the plea agreement, a conspirator named "Adam" who is allegedly a minor was involved in Schiefer's scam. Schiefer and his accomplices were reported to have used illicit software which they planted on people's PCs to spirit account information from a storage area in Windows-based computers. A Dutch Internet advertising company also hired his services to install its programs on people's computers when they consented, but he installed it on more than 150,000 PCs without permission, earning more than $19,000 in commissions.

The federal investigation began in 2005, and the indictment includes "four counts of accessing protected computers to commit fraud, disclosing illegally intercepted electronic communications, wire fraud and bank fraud." Schiefer's initial appearance in Los Angeles will be on Nov. 28 and his arraignment on Dec. 3. A similar case in May 2006 involved a Downey man, Jeanson James Ancheta, who was sentenced to almost five years in federal prison after pleading guilty to four felony charges for using botnets to spread spyware and send spam.

To read the full article, visit the Los Angeles Times.
A related article is also available here.

Tuesday, November 13, 2007 2:22:48 PM (W. Europe Standard Time, UTC+01:00)
 Monday, November 12, 2007

Microsoft has released the Asia Pacific Legislative Analysis: Current and Pending Online Safety and Cybercrime Laws, a study providing a high-level snapshot of the status of computer security, privacy, spam and online child safety legislation in the Asia Pacific region. Detailed analyses of these laws specific to Australia, China, Hong Kong, India, Indonesia, Japan, Malaysia, New Zealand, the Philippines, Singapore, South Korea, Taiwan, Thailand and Vietnam are also provided in this paper. For more information regarding this document, contact Julie Inman Grant, Regional Director, Corporate Affairs of Internet Safety and Security at Microsoft Asia Pacific. More Cybersecurity Legislation and Enforcement related resources are available at the CYB website.

Monday, November 12, 2007 9:57:14 AM (W. Europe Standard Time, UTC+01:00)