Friday, December 02, 2011
ITU to play leading role in UN global cybersecurity debate
ITU Secretary-General Dr Hamadoun Touré will be among the prominent global leaders taking part in a special United Nations Economic and Social Council public debate on Cybersecurity and Development.
Modern information and communications technologies (ICTs) now underpin just about all human activity, from transportation, water and power networks, to industrial processes and supply chains, emergency services, healthcare, education, food distribution chains, and financial services.
But while technology brings many benefits, this dependence has given rise to the need to protect against potential threats posed to the everyday lives of people and States alike.
Cybersecurity and cybercrime are multidimensional issues involving different disciplines, skills and technologies. Strengthening security in the information society is a shared responsibility in which all stakeholders (governments, private sector, international organizations, civil society) have vital roles to play.
For more information about the event see: www.un.org/en/ecosoc/cybersecurity/index.shtml.
ECOSOC Debate on Cybersecurity and Development
10:00am - 1:00pm, 9 December, 2011
ECOSOC Chamber, UN Headquarters, New York
To look at the challenges posed by ubiquitous connectivity and potential responses to mounting cyberthreats
Chair: H.E. Mr. Lazarous Kapambwe, President of ECOSOC and Permanent Representative of Zambia to the United Nations
Moderator: Gary Fowlie, Head, ITU Liaison Office in New York
- Dr. Hamadoun Touré, Secretary-General, International Telecommunication Union
- Fortunato de la Peña, Vice-Minister for Science and Technology, Philippines, and Chair, Commission on Science and Technology for Development (CSTD) - via video-link
- Cheri McGuire, Vice President, Global Government Affairs & Cybersecurity Policy, Symantec
- Mohd Noor Amin, Chairman, Management Board IMPACT Malaysia
- Deborah Taylor Tate, ITU Special Envoy and Laureate for Child Online Protection, United States Commissioner, Federal Communications Commission (Ret.)
Thursday, May 19, 2011
ITU’s relationship with IMPACT continues to gain momentum
ITU’s relationship with IMPACT continues to gain momentum, with over 130 UN Member States now part of the ITU-IMPACT coalition.
ITU-IMPACT is the first cooperative global venture to make available cybersecurity expertise and resources to enable Member States to detect, analyze and respond effectively to cyberthreats. Of particular benefit to developing countries and smaller states without the capacity and resources to develop their own sophisticated cyber response centres, the coalition also benefits technically advanced nations by providing them with a continuous global snapshot of potential and real online threats.
In line with ITU's long tradition of public-private partnership, ITU has signed an MoU with Symantec
Under the terms of the agreement, Symantec will provide ITU with expert intelligence reports on current and future trends in ICT security, to be shared among all ITU Member States. This will facilitate awareness raising and knowledge transfer, complementing the work of ITU and strengthening its effectiveness as a global forum for governments and the private sector to build confidence and security in the use of ICTs.
UN agencies team up to make the online world safer: MoU signed between ITU and UNODC at WSIS Forum 2011
A Memorandum of Understanding signed between ITU and the United Nations Office on Drugs and Crime (UNODC) at this year’s WSIS Forum event in Geneva will see the two organizations collaborate in assisting UN Member States to mitigate the risks posed by cybercrime.
The MoU will enable ITU and UNODC to work together to make available the necessary expertise and resources to establish legal measures and legislative frameworks at the national level, for the benefit of countries worldwide. It is the first time that two organizations within the UN system have formally agreed to cooperate on a global basis on cybersecurity.
“This new alliance with UNODC is a major milestone in implementing a coordinated global approach to an increasingly serious global problem. Together, our two agencies will generate powerful synergies that will help all countries fight the scourge of cybercrime and create a safer online environment for all,” said ITU Secretary-General Dr Hamadoun Touré.
Thursday, February 17, 2011
Microsoft Calls for Safer and Healthier Internet
At a keynote speech delivered at the RSA Security Conference, Scott Charney--Microsoft (MSFT) corporate vice president for Trustworthy Computing--reiterated a vision for the future of Internet security. Charney painted a picture of a collaborative approach to Internet and PC security modeled after the processes used to respond to global health epidemics.
Microsoft describes why the timing seems to be right for driving this vision forward, citing the increased use of mobile devices and cloud computing, the persistence of botnet threats, increased public awareness of online crimes, and growing public pressure for improved government cyber security policies. These factors combine to create a unique opportunity.
International Card Fraud Gang Dismantled in Romania
An operation involving cross-border collaboration and supported by Europol has dismantled an international organized crime group based in Romania. The gang had been carrying out payment card fraud in several EU countries including Poland, Romania, Sweden and the UK.
Romanian law enforcement authorities, working in cooperation with Europol, the European Law Enforcement Agency, arrested five members of the criminal gang after months of surveillance. The gang’s activities had involved fraudulently withdrawing cash from ATM machines with illegally skimmed and counterfeit payment cards. The card holders in countries including Poland, Romania, Sweden and the UK are said to have suffered substantial losses according to a press release issued by Europol on Wednesday.
Thursday, February 10, 2011
Insecure Web apps pose serious security risks, survey finds
Insecure Web apps pose a serious security risk for organizations, and according to a new survey released today, website attacks are among the biggest concerns for companies.
The Ponemon Institute survey, commissioned by security vendors Barracuda Networks Inc. and Cenzic Inc., polled 637 IT and IT security practitioners on their views of Web application security. While 74% said Web application security is equal to or more critical than other security issues, only 36% said their organization has adequate governance and policies over the use of insecure Web applications by end users across the enterprise.
Wednesday, February 09, 2011
Safer Internet Day highlights need for IT security
As February 8th marks Safer Internet Day, the statistical office of the European Union (EU) has published new figures which reveal the extent to which businesses can and do benefit from security solutions when outsourcing IT departments.
The Eurostat study found that in 2010 approximately 84 per cent of web users were protected by security software, suggesting that there are still a large number of individuals and companies that could benefit from greater internet security.
Tuesday, February 08, 2011
Facebook exploit toolkit dumbs down rogue app creation
Miscreants have begun selling a cut-price point and click Facebook rogue application generation tool, designed for script kiddies too clueless to code their own malicious application.
The rogue Facebook app creation tool kit is available at just $25, net security firm Websense reports.
The toolkit offers a means to direct surfers towards survey scams, spread malware or act as a tool in furtherance of click-fraud scams, all by following a simple set of instructions. Bogus applications generated via the tool, called Tinie Facebook Viral Application, would offer lures such as the supposed opportunity to check on who has been viewing a Facebook profile.
Monday, September 20, 2010
Group recommends joint NATO-Russia 'cyber' war games: Rules of engagement in the digital age
The North Atlantic Treaty Organization and Russia should undertake joint information-warfare exercises so the two countries can better protect critical digital infrastructure, policy wonks at an international group said.
The proposal, which was included in a 32-page report released Wednesday by the EastWest Institute, would help the US and Russia achieve mutual goals in much the way that previous collaborations in the International Telecommunication Union (ITU) have, its authors argued.
Thursday, July 29, 2010
Notorious computer hacker identified and arrested, authorities say
Washington (CNN) -- A computer hacker responsible for creating and operating a massive scam that infected as many as 12 million computers worldwide has been identified and arrested, authorities said Wednesday.
The FBI said in a news statement a 23-year-old Slovene known as "Iserdo" was arrested last week for his role in a cyber scam that stole passwords from websites and financial institutions. Authorities believe the Slovenian citizen is responsible for creating and selling the Mariposa botnet.
Botnets are networks of computers infected with a malicious kind of robot software which allows remote access, often without the owner's knowledge.
Thursday, July 22, 2010
Double Honours for IMPACT at (ISC)²’s Annual Asia-Pacific Information Security Leadership Achievements Program
International Multilateral Partnership Against Cyber Threats (IMPACT) received double honours from (ISC)²’s fourth annual Asia-Pacific Information Security Leadership Achievements (ISLA) Program for its efforts to build capacity against cyber threats among partner countries, especially in the developing nations.
Mr. Philip Victor, Director, Training, Skills Development and Outreach, IMPACT has been selected as an Honouree in the Senior Information Security Professional category and the contribution of Mr. Sivanathan Subramaniam, Manager, GRC Professional Services, IMPACT has been recognised in the Information Security Practitioner category.
The award-giving ceremony will take place at the ISLA Gala Dinner and Ceremony on the evening of 26th July 2010, held at The Ritz-Carlton, Millenia in Singapore.
Wednesday, June 23, 2010
International experts seek to identify common responses to the global challenge of cyber crime
CTO Conference, London on 17-18 June 2010 - A two-day international forum on Cybersecurity aimed to identify, outline and set in motion effective responses to crimes that take place in the cyber world. The forum was organised by the Commonwealth Telecommunications Organisation (CTO) in conjunction with the UK Department of Business, Innovation and Skills (BIS) and the UK Cabinet Office of Cyber Security (OCS).
At the conference, the ITU Global Cybersecurity Agenda (GCA) initiative, "A Framework for International Cooperation in Cybersecurity", was presented and very much welcomed by CTO participants.
Delivering the keynote address, Rt Hon Baroness Pauline Neville-Jones, Minister of State for Security and Counter-Terrorism, spoke of her commitment to tackling the complex issues surrounding cyber security, including Cyber-crime and Cyber-espionage. She also stressed the critical importance of international cooperation by like-minded countries and the vital role of International organisations such as the UN-sponsored Internet Governance Forum, the International Telecommunications Union and the Commonwealth Telecommunications Organisation itself.
Dr Ekwow Spio-Garbrah, the Chief Executive Officer of the CTO, echoed these sentiments and added that the CTO is always keen to collaborate with sister agencies such as ITU in order to develop the capacity of its members to manage and develop their ICT sectors. ICT enabling governance and society brings along with it associated risks requiring innovative strategies of which Cybersecurity is a key element. That was the primary reason for the CTO to organise this forum, and the number of participants and the engagement of organisations from both public and private sectors justify the CTO's decision to undertake the organising of such an event.
ITU's activities on Cybersecurity can be found here.
Monday, May 10, 2010
Should there be a Geneva Convention for fighting cyberwar?
The term "cyberwar" has been bandied about in recent years as a catchall term for the hackers stealing credit card numbers or spreading spam, but also much more nefarious schemes such as breaking into an electricity grid. At a recent cybersecurity conference, one Microsoft security executive said we might need global rules on how to fight such threats.
Scott Charney, vice president of Microsoft's Trustworthy Computing Group, spoke at the Worldwide Cybersecurity Summit in Dallas last week and said there needs to be a distinction between cybercriminals merely stealing money and cyberwar, possibly conducted by nation-states, that is aimed at crippling a target in another country, such as a power grid or an oil pipeline. An Associated Press report on the conference, which was picked up by the Seattle Post-Intelligencer newspaper, quotes Charney as saying that international treaties designed to fight cyberwar are difficult to establish because of the murky nature of what "cyberwar" is.
The United Nations last month rejected a Russian proposal for a new cybercrime treaty, leaving in place a 2001 treaty that Russia opposes because it gives foreign governments too much leeway to pursue cybercriminals across borders.
"Lots of times, there's confusion in these treaty negotiations because of lack of clarity about which problems they're trying to solve," Charney said.
In a paper that accompanied his talk, Charney also wrote that if the concern is that countries need to brace for a cybersecurity "Pearl Harbor," it needs to be made clear what type of attacks governments can respond to. "If the concern is an electronic Pearl Harbor, perhaps part of the response is an electronic `Geneva Convention' that protects the rights of noncombatants."
The notion of an electronic Pearl Harbor has come up before on this blog. I wrote about it after attending the RSA Conference 2010 in San Francisco in March. There a panel of cybersecurity experts warned that a cyberattack could occur that could cripple U.S. infrastructure if we're not prepared for it. Richard Clarke, a national security advisor to the previous three U.S. presidents, also proposed a cyber security treaty, but lumped together criminal cyber attacks and state-sponsored attacks.
Wednesday, April 28, 2010
Fake Anti-virus Peddlers Outmaneuvering Legitimate AV
Purveyors of fake anti-virus or “scareware” programs have aggressively stepped up their game to evade detection by legitimate anti-virus programs, according to new data from Google.
In a report being released today, Google said that between January 2009 and the end of January 2010, its malware detection infrastructure found some 11,000 malicious or hacked Web pages that attempted to foist fake anti-virus on visitors. The search giant discovered that as 2009 wore on, scareware peddlers dramatically increased both the number of unique strains of malware designed to install fake anti-virus as well as the frequency with which they deployed hacked or malicious sites set up to force the software on visitors.
Fake anti-virus attacks use misleading pop-ups and videos to scare users into thinking their computers are infected and offer a free download to scan for malware. The bogus scanning programs then claim to find oodles of infected files, and victims who fall for the ruse often are compelled to register the fake anti-virus software for a fee in order to make the incessant malware warnings disappear. Worse still, fake anti-virus programs frequently are bundled with other malware. What’s more, victims end up handing their credit or debit card information over to the people most likely to defraud them.
Friday, April 23, 2010
FCC gets into cybersecurity business
Wednesday was a busy day at the [U.S.] Federal Communications Commission, with National Broadband Plan related notices on the CableCard, Universal Service Fund, and roaming access issues out the door. Another interesting item was a Notice of Inquiry on whether the agency should launch a voluntary cybersecurity certification program.
In a nutshell, the proposed program's private sector auditors or the FCC would periodically run security evaluations of various telecommunications services. Companies that passed the program's muster could then market their networks as FCC cyber security compliant.
It's not hard to make a pitch for these kinds of programs, given all the cybersecurity horror stories. The agency's Notice outlines what's at stake:
"In today’s interconnected world, an increasingly greater amount of the nation’s daily business depends on our rapidly growing broadband communications infrastructure. Banking, investment and commercial interests routinely rely on the durability and security of IP-based networks to move capital and to track goods and services around the globe. To put this development in perspective, while our nation’s total GDP was just over $14T last year, two banks in New York move over $7T per day in transactions. . . ."
But the open-ended questions that the FCC asks in its inquiry suggest that the Commission knows that the case for this kind of project isn't open and shut. Would the program "create a significant incentive for providers to increase the security of their systems and improve their cybersecurity practices?" the NOI asks. And it also wonders if "public knowledge of providers' cybersecurity practices would contribute to broader implementation by industry."
Another question the FCC might want to ask is, should individual government agencies coordinate this kind of activity, or should a broader cross-industry certification program be established? The probe comes in tandem with an inquiry on the survivability of the nation's broadband networks.
Thursday, April 15, 2010
US Cyberspace Policy Review
The US President directed a 60-day, comprehensive, “clean-slate” review to assess U.S. policies and structures for cybersecurity. Cybersecurity policy includes strategy, policy, and standards regarding the security of and operations in cyberspace, and encompasses the full range of threat reduction, vulnerability reduction, deterrence, international engagement, incident response, resiliency, and recovery policies and activities, including computer network operations, information assurance, law enforcement, diplomacy, military, and intelligence missions as they relate to the security and stability of the global information and communications infrastructure.
The President’s cybersecurity policy official should, working with departments and agencies, strengthen and integrate interagency processes to formulate and coordinate international cybersecurity-related positions. In addition, the Federal government—continuing the long-term history of collaboration with the private sector—should develop a proactive engagement plan for use with international standards bodies. This would include taking stock of current policies and coordinating the development, refinement, or reaffirmation of positions to ensure that the full range of cybersecurity-related economic, national security, public safety, and privacy interests are taken into account.
The US Cyberspace Policy Review can be found here
ITU's activities on Cybersecurity can be found here.
Wednesday, April 14, 2010
Congress Tackles Key Cybersecurity Initiatives
Congress, back this week from spring break, isn't wasting time tackling some key cybersecurity and IT security-related initiatives.
Within the next few weeks, Congressional committees will hold sessions to tackle some of the hottest infosec-related items, including the confirmation hearing on Army Lt. Gen. Keith Alexander to be military cyber commander, markup sessions on bills to fund cybersecurity research and development and realign the National Institute of Standards and Technology's laboratories, and a hearing on combating cyber crime and identity theft.
Alexander Confirmation Hearing
Thursday's Senate Armed Services Committee confirmation hearing comes nearly 10 months after Alexander was nominated by President Obama to be the first military cyber commander. If confirmed, he would retain his current job, director of the National Security Agency, and be promoted to full general. No one is suggesting that Alexander won't be confirmed, but concerns have been raised that having the same officer overseeing the cyber command and NSA poses potential conflicts: Should the top spy also be the general in charge of protecting the computer systems and networks employed to support the nation's warfighters?
Indeed, it's been questions about that dual role that have delayed the confirmation process. As we reported last month, the committee sent a questionnaire to Alexander on March 6 seeking answers about how he would balance the two jobs. Though the NSA is a DoD agency, it works with civilian agencies to secure federal IT, raising additional concerns about potential military involvement in civilian matters. "They are working through some of the hard problems and that is what the reason for the delay is," James Lewis, senior fellow at the Center for International and Strategic Studies and expert on government and military cybersecurity policy, told GovInfoSecurity.com.
Monday, April 12, 2010
Kerry, Gillibrand Introduce Legislation To Strengthen America’s Cybersecurity Efforts
WASHINGTON, D.C. – Senate Foreign Relations Committee Chairman John Kerry (D-MA) and Senator Kirsten Gillibrand (D-NY) today introduced legislation that will strengthen the ability of the United States to develop a clear and coordinated strategy for international cyberspace and cybersecurity policy. The bill will create the framework for coordinating our efforts with other countries to defend against cyberattacks that threaten our power stations, telecommunications systems and financial markets.
The International Cyberspace and Cybersecurity Coordination Act of 2010 will authorize the creation of a senior coordinator at the State Department, with the rank and status of Ambassador at Large. This person will be the principal advisor to the Secretary of State on international cyberspace and cybersecurity issues. The coordinator will provide strategic direction for United States government policy and programs aimed at addressing cyberspace and cybersecurity issues overseas. The bill will ensure the Administration develops a clear and coordinated strategy for international cyber engagement, including considering the utility of negotiating a multilateral framework that would provide internationally acceptable principles to mitigate cyberwarfare.
"Just as the physical safety of America is under constant threat from those who would do us harm, we are also engaged in a battle over the control of information in cyberspace and need to build better defenses against potential attacks on our infrastructure," said Chairman Kerry. "We must do everything we can to forestall the possibility of cyberwarfare and create a multilateral framework that will persuade countries to cooperate on pressing cyber issues. This bill is the first step to better organize U.S. efforts to develop a coordinated strategic approach to international cyberspace and cybersecurity issues by designating a single diplomat responsible for U.S. cyber policy overseas."
Thursday, March 18, 2010
Cybercrime's bulletproof hosting exposed - Zeus botnets' tangled web
Researchers at RSA have identified the network framework that endows some of the world's most notorious botnets with always-on connections that are virtually immune from takedowns.
At the network's heart are the servers that shepherd tens of thousands of infected PCs so they continue to send spam, spread malware, and stay updated with the latest bot software. By maintaining multiple conduits between these master control channels and the outside world, malware gangs are able to create highly redundant networks that are extremely difficult for authorities and whitehats to shut down.
"What they've worked really hard to do for themselves is build a spiderweb of connections to the outer ring if the outer ring were the internet at large," Sean Brady, manager of RSA's identity protection and verification group, told The Register. "As you start picking off threads, they work to reroute, to crawl along different threads."
Tuesday, March 09, 2010
Ashleigh Hall Facebook Murder: Lessons Must Be Learned
Alan Johnson said UK and US authorities were working on ways to flag up when a convicted sex offender goes online. It follows the sentencing of Peter Chapman, 33, on Monday, to a minimum of 35 years for the kidnap and killing of Ashleigh Hall in Sedgefield in October. The sex offender contacted her via Facebook. The Lib Dems have also called for better internet monitoring.
Find out more about ITU's Child Online Protection Initiative
Wednesday, March 03, 2010
UK National Theatre hack forces password reset
Some 17,000 culture vultures registered to the UK's National Theatre website need to reset their passwords after the site was hacked.
The 20 February attack hit systems storing the logins of 17,000 (or around three per cent) of the 500,000 plus registered with the site. Only email, password, name and contact information was disclosed by the hack. Motives and perpetrators remain unidentified. A spokeswoman emphasised that database systems holding credit and debit card details were not affected by the hack. The NT has sent out email alerts (copy below) to affected customers on Monday apologising for the security snafu.
German high court says telecom, e-mail data cannot be retained
Germany's highest court on Tuesday overturned a law allowing authorities to retain data on telephone calls and e-mail traffic for help in tracking criminal networks.
A law ordering data on calls made from mobile or landline telephones and e-mail exchanges be retained for six months for possible use by criminal authorities violated Germans' constitutional right to private correspondence, the Federal Constitutional Court ruled. In its ruling, the court said the law failed to sufficiently balance the need for personal privacy against that for providing security.
“The disputed instructions neither provided a sufficient level of data security, nor sufficiently limited the possible uses of the data,” the court said.
Friday, February 26, 2010
MS uses court order to take out Waledac botnet
Microsoft has won a court-issued take-down order against scores of domains associated with controlling the spam-spewing Waledac botnet.
The software giant's order allows the temporary cut-off of traffic to 277 Internet domains that form command and control nodes for the network of compromised machines. Infected (zombie) machines are programmed to regularly poll these control points for instructions and spam templates.
The .com domains, registered in China, will be sin-binned by VeriSign, at least temporarily decapitating the network. Microsoft estimates that Waledac was one of the 10 largest botnets in the US and a major distributor of spam for online (unlicensed) pharmacies, knock-off goods and other tat, as explained in a blog posting by its legal team.
"Waledac is estimated to have infected hundreds of thousands of computers around the world and, prior to this action, was believed to have the capacity to send over 1.5 billion spam emails per day. In a recent analysis, Microsoft found that between December 3-21, 2009, approximately 651 million spam emails attributable to Waledac were directed to Hotmail accounts alone, including offers and scams related to online pharmacies, imitation goods, jobs, penny stocks and more."
Tuesday, February 23, 2010
Cyber attacks will 'catastrophically' spook public, warns GCHQ
A digital attack against the UK causing even minor damage would have a "catastrophic" effect on public confidence in the government, GCHQ has privately warned Whitehall.
The Cheltenham spy agency's new Cyber Security Operations Centre (CSOC) makes the prediction in a document prepared for Cabinet Office and seen by The Register. Growing reliance on the internet to deliver public services will "quickly reach a point of no return", meaning "any interruption of broadband access becomes intolerable and will have serious impacts on the economy and public well being", CSOC says.
"A successful cyber attack against public services would have a catastrophic impact on public confidence in the government, even if the actual damage caused by the attack were minimal," it adds.
Friday, February 19, 2010
Almost 2,500 firms breached in ongoing hack attack
Criminal hackers have penetrated the networks of almost 2,500 companies and government agencies in a coordinated campaign that began 18 months ago and continues to steal email passwords, login credentials, and other sensitive data to this day, a computer security company said.
The infections by a variant of the Zeus botnet began in late 2008 and have turned more than 74,000 PCs into remote spying platforms that have siphoned highly proprietary information out of at least 10 federal agencies and thousands of companies, according to research from NetWitness, a Herndon, Virginia-based network forensics firm. Many of the victims are Fortune 500 firms in the financial, energy, and high technology industries.
Wednesday, February 17, 2010
Experts reboot list of 25 most dangerous coding errors
Computer experts from some 30 organizations worldwide have once again compiled a list of the 25 most dangerous programming errors along with a novel way to prevent them: by drafting contracts that hold developers responsible when bugs creep into applications.
The list for 2010 bears a striking resemblance to last year's list, which was the first time a broad cross section of the world's computer scientists reached formal agreement on the most common programming pitfalls. The effort is designed to shift attention to the underlying mistakes that allow vulnerabilities to happen in the first place.
Tuesday, February 16, 2010
Scareware scams switch to social network smut lures
Scams which attempt to trick users into volunteering personal credentials in return for free pornography have moved over onto social networks.
More than nine out of ten (92 per cent) of such adult phishing scams recorded in January took place on social networking sites such as Facebook and Bebo, according to the latest monthly security report from Symantec. Once fraudsters have snaffled personal credentials, surfers are often redirected to sites punting scareware scams rather than smut.
Scareware scams more commonly rely on manipulating search engine results for search terms in the news, such as the death of an athlete practising for the luge event at the winter Olympics. These results are poisoned so that surfers looking for videos of this tragedy (as explained by Sophos here) are instead redirected to anti-virus scan scam portals, which warn of non-existent malware risks in a bid to trick users into buying worthless scamware.
UK.gov invests £4.3m in cyber-scam crackdown team
The UK government has launched a specialist cyber-enforcement team and allocated extra funding for Trading Standards as part of a campaign designed to clamp down on online scams.
OFT figures suggest online scams claim 3 million UK marks every year and result in losses of £3.5bn. Approaches most often arrive in the form of scam emails. The government is investing £4.3m over three years in a bid to clamp down on this growing source of crime. The money will allow the training and appointment of specialist trading standards enforcers in every region of England and in Scotland and Wales and the establishment of local computer labs.
Monday, November 16, 2009
Fraudsters Using Bogus and Legitimate Recruitment Sites to Con Job-Hunters Into Laundering Money
Reported today on BBC: "Police chiefs are urging people looking for work during the recession to be alert to online scams that trick them into laundering money. The Serious Organised Crime Agency (Soca) says websites are currently being used to recruit 'money mules'. The 'mules' are ordinary people who send and receive payments through their bank accounts to facilitate business."
Neil Schwartzman has also informed us of a related report by RSA FraudAction Research Lab based on several months of tracking various reshipping scams engineered by online fraudsters.
Tuesday, September 08, 2009
EU urges wise-up to combat rampant ATM crime
The rise in ATM-related crime has prompted an EU security agency to urge consumers to be more careful about withdrawing money from cash machines. ENISA (European Network and Information Security Agency) estimates that annual cash machine losses in Europe have increased to around €500m, a 149 per cent increase year-on-year. ENISA blames more sophisticated attacks and fraud alongside the rapid growth in the number of ATMs for the increase.
A paper by ENISA entitled "ATM Crime: Overview of the European situation and golden rules on how to avoid it" contains tips on choosing which ATMs to use and other precautions. Many of Europe's 400,000 ATMs (up six per cent since last year) are located in convenience stores, airports and petrol stations where they are at greater risk of tampering than those within banks or shopping malls. The UK, Spain, Germany, France and Italy collectively account for 72 per cent of these ATMs.
Fraudsters obtain card details and PINs using a wide range of tactics ranging from "shoulder surfing" to hardware skimmers. Other tactics include trapping and then retrieving users' cards. More recently the use of malware has been implicated in these scams. During 2008, a total of 10,302 skimming incidents were reported in Europe, ENISA reports.
ITU Global Cybersecurity Agenda
Monday, September 07, 2009
Man arrested for £1m online tax fraud
Police investigating a complex online fraud which scammed more than a million pounds from taxpayers have arrested a man in London. The 32-year-old's home in Poplar, east London was raided in the early hours of Thursday. He was taken to Bethnal Green police station on suspicion of fraud and money laundering.
The arrest follows HMRC's discovery in June of "an e-crime attack" on its self-assessment system. The attack was part of a tax repayment claim fraud. The Met's recently-formed Police Central e-Crime Unit (PCeU) said that, with HMRC, it is now looking into "a criminal network" thought to be behind the attack.
ITU Global Cybersecurity Agenda
Faux Facebook 'friend' takes US woman for $4,000
A US woman has been stung for $4,000 via a fraudulent Facebook "friend in peril" scam. Jayne Scherrman, a pediatric dentist from Cape Girardeau, Missouri, wired the money via Western Union to what she thought was her friend Grace Parry in response to requests for help via Facebook. The messages claimed that Grace and her husband had lost everything after being robbed while on holiday in London and requested $600 in order to resolve their difficulties.
ITU Global Cybersecurity Agenda
New IIS attacks (greatly) expand number of vulnerable servers
Attackers have begun actively targeting an unpatched hole in Microsoft's Internet Information Services webserver using new exploit code that greatly expands the number of systems that are vulnerable to the bug.
In an updated advisory published Friday, Microsoft researchers said they are seeing "limited attacks" exploiting the vulnerability, which resides in a file transfer protocol component of IIS. Exploit code publicly released in the past 24 hours is now able to cause vulnerable servers to crash even when users don't have the ability to create their own directories.
ITU Global Cybersecurity Agenda
Tuesday, September 01, 2009
MySpace suicide case: conviction overturned
Federal judge George Wu officially overturned the conviction of Lori Drew, who was convicted of cyberbullying 13-year-old Megan Meier to suicide. That conviction was based on the federal Computer Fraud and Abuse Act (CFAA), which makes it a crime to intentionally access a computer system with intent to commit a crime or tort.
But that law, the judge found, cannot be stretched so far that it would include mere violations of website terms of service. Something more than violating a TOS is needed. Otherwise, the law would “convert a multitude of otherwise innocent Internet users into misdemeanant criminals.”
At trial, the jury found Drew guilty of misdemeanor violations of CFAA based on the theory that accessing MySpace with intent to harass Meier was an unauthorized access of an interstate computer. The verdict drew consternation because it seemed to suggest that merely violating a website’s terms of service could be the basis for criminal prosecution.
ITU Global Cybersecurity Agenda
Accused TJX hacker faces 15 to 20
The hacker accused of orchestrating the largest-known identity theft in US history will serve between 15 and 25 years in prison under a plea deal filed Friday.
Albert "Segvec" Gonzalez is accused of leading a hacking circle that stole 130 million credit and debit card numbers from major retail chains like Barnes and Noble, T.J. Maxx, Sports Authority, and OfficeMax.
ITU Global Cybersecurity Agenda
Microsoft says US is top malware target
Windows users based in the United States are the most likely to benefit from Microsoft's malicious software removal tool, which has removed malware from nearly 2.2 million US machines, more than the other nine top countries combined.
Over the same period, the MSRT has disinfected 383,378 machines in China, 282,152 in Brazil, 278,207 in the UK, and 262,539 in Korea, according to statistics Microsoft published here. In all, 2.18 million US-based machines were cleaned, compared with 1.87 million machines based in the other countries contained on the top-10 list.
ITU Global Cybersecurity Agenda
Friday, August 21, 2009
One-in-four hackers runs Opera to ward off other criminals
Computerworld - Hackers using multi-exploit attack "toolkits" take defensive measures of their own against other criminals, a security researcher said today.
"Exploit kit operators do use mainstream browsers, but they're much more likely to use Opera than the average user, because they know that the browser isn't targeted by other hackers," said Paul Royal, a principal security researcher with Atlanta-based Purewire.
While the most generous Web measurements peg Opera, a browser made by Norwegian company Opera Software, at a 2% share of the global market, 26% of the hackers who Purewire identified use the far-from-popular application.
ITU Global Cybersecurity Agenda
IEEE group aims to forge malware sharing standard
The IEEE has brought together an alliance of anti-virus vendors in an industry group that aims to improve and better organise collaboration, with an initial focus on better standards for malware sample sharing. Vendors including AVG, McAfee, Microsoft, Sophos, Symantec and Trend Micro have signed up to the newly-formed Industry Connections Security Group (ICSG). Anti-virus researchers at these firms (and others such as Kaspersky and F-Secure yet to sign up to ICSG) have been sharing virus samples for years. What the ICSG wants to bring to the party is better organisation and standardisation to this process, as its mission statement explains:
"While there has been some ad-hoc co-operation in the industry in areas such as malware and phish URL sharing, this co-operation has not been standardized or documented in a format that lends itself to systematic improvement in operational efficiency or visibility and review by people outside the vertical industries. ICSG currently has one Working Group looking at Malware, but expects to add other Working Groups over time."
ITU Global Cybersecurity Agenda
Wednesday, August 19, 2009
Adobe patches 'critical' flaws in ColdFusion, JRun
Adobe Systems has released updates that patch vulnerabilities in two widely used web development applications, several of which let attackers steal sensitive data or take complete control of users' machines.
In all, the patches fix seven flaws in versions 8.0.1 and earlier of ColdFusion and JRun 4.0. The most serious of them are XSS, or cross-site scripting, bugs that allow attackers to execute malicious code on an underlying system by supplying a target with a booby-trapped web link.
ITU Global Cybersecurity Agenda
Hackers break into police computer as sting backfires
An Australian Federal Police boast, on the ABC's Four Corners program, about officers breaking up an underground hacker forum, has backfired after hackers broke into a federal police computer system. Security consultants say police appear to have been using the computer as a honeypot to collect information on members of the forum but the scheme came undone after the officers forgot to set a password. Last Wednesday, federal police officers in co-operation with Victoria Police executed a search warrant on premises in Brighton, Melbourne, connected to the administrator of an underground hacking forum, r00t-y0u.org, which had about 5000 members.
Many details of the investigation were revealed for the first time on Four Corners last night. After the raid, the federal police covertly assumed control of the forum and began using it to gather evidence about members. "We can operate in a covert activity here fairly seamlessly with no harm to our members with continual and actual significant penetration," Neil Gaughan, national manager of the federal police's High Tech Crimes Operation, told Four Corners.
However, what the federal police did not know was that hackers had already cottoned on to their plan. Police were monitoring the forum by logging into the account of the administrator they had raided, but this aroused suspicion among members who knew the raid had taken place. A hacker broke into the federal police's computer system and, according to a source close to the investigation, accessed both police evidence and intelligence about federal police systems such as its IP addresses.
ITU Global Cybersecurity Agenda
Woman charged with cyberbullying teen on Craigslist
A Missouri woman has become the first person to be charged with felony cyberbullying in that state after she allegedly posted photos and personal information of a teenage girl to the Casual Encounters section of Craigslist.
Prosecutors said Elizabeth A. Thrasher, 40, posted the 17-year-old's picture, cell phone number, email address, and employer to the Craigslist section, which is frequented by adults looking for anonymous, no-strings-attached sex. The girl received lewd emails and calls in response, including pornographic pictures from men she didn't know.
ITU Global Cybersecurity Agenda
Tuesday, August 18, 2009
US man 'stole 130m card numbers'
US prosecutors have charged a man with stealing data relating to 130 million credit and debit cards.
Officials say it is the biggest case of identity theft in American history. They say Albert Gonzalez, 28, and two unnamed Russian co-conspirators hacked into the payment systems of retailers, including the 7-Eleven chain. Prosecutors say they aimed to sell the data on. If convicted, Mr Gonzalez faces up to 20 years in jail for wire fraud and five years for conspiracy.
He would also have to pay a fine of $250,000 (£150,000) for each of the two charges. Mr Gonzalez used a complicated technique known as an "SQL injection attack" to penetrate networks' firewalls and steal information, the US Department of Justice said. His corporate victims included Heartland Payment Systems - a card payment processor, convenience store 7-Eleven and Hannaford Brothers, a supermarket chain, the DOJ said.
ITU Global Cybersecurity Agenda
Monday, August 17, 2009
Georgia cyberattacks linked to Russian organized crime
IDG News Service - The cyberattacks against Georgia a year ago were conducted in close connection with Russian criminal gangs, and the attackers likely were tipped off about Russia's intent to invade the country, according to a new technical analysis, much of which remains secret.
The stunning conclusions come from the U.S. Cyber Consequences Unit, an independent nonprofit research institute that assesses the impact of cyber attacks. A 100-page technical analysis is only being made available to the U.S. government and some cybersecurity professionals, but the organization did release a nine-page summary early Monday.
ITU Global Cybersecurity Agenda
Friday, August 14, 2009
Virus arms race primes malware numbers surge
Half (52 per cent) of new malware strains only stick around for 24 hours or less. The prevalence of short lived variants reflects a tactic by miscreants aimed at overloading security firms so that more damaging strains of malware remain undetected for longer, according to a study by Panda Security.
The security firm, based in Bilbao, Spain, detects an average of 37,000 new viruses, worms, Trojans and other security threats per day. An average of around 19,240 spread and try to infect users for just 24 hours, after which they become inactive as they are replaced by other, new variants.
ITU Global Cybersecurity Agenda
Australian police charge banking Trojan suspect
Australian police have charged an as yet unnamed 20 year-old man on suspicion of creating a banking Trojan that infected an estimated 3,000 computers worldwide, as well as building up a 74,000 strong botnet of compromised machines.
The name of the suspect will not be revealed until he faces magistrates in Adelaide, South Australia, on 4 September. South Australia state police charged the man with computer crimes offences, including hacking and developing "capabilities to launch Distributed Denial of Service (DDOS) attacks with up to 74,000 computers world wide".
ITU Global Cybersecurity Agenda
Twitter transformed into botnet command channel
For the past couple weeks, Twitter has come under attacks that besieged it with more traffic than it could handle. Now comes evidence that the microblogging website is being used to feed the very types of infected machines that took it out of commission.
That's the conclusion of Jose Nazario, the manager of security research at Arbor Networks. On Thursday, he stumbled upon a Twitter account that was being used as part of an improvised update server for computers that are part of a botnet.
The account, which Twitter promptly suspended, issued tweets containing a single line of text that looked indecipherable to the naked eye. Run through what's known as a base64 decoder, however, the dispatches pointed to links where infected computers could receive malware updates.
ITU Global Cybersecurity Agenda
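An added example, not taken from the article or from Arbor Networks: a defender-side check that scans short status messages for base64 tokens and reports the ones that decode to URLs, the pattern described in the item above. The sample messages and `.invalid` hostnames are constructed for illustration.

```python
import base64
import binascii
import re

# A run of base64-alphabet characters long enough to hold a URL,
# with optional '=' padding.
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")
URL = re.compile(r"https?://[^\s\"'<>]+")


def decode_token(token):
    """Return the decoded text if token is base64 of printable ASCII, else None."""
    stripped = token.rstrip("=")
    if len(stripped) % 4 == 1:  # impossible length for base64 data
        return None
    # Restore padding that may have been trimmed to make the text less obvious.
    padded = stripped + "=" * (-len(stripped) % 4)
    try:
        text = base64.b64decode(padded, validate=True).decode("ascii")
    except (binascii.Error, ValueError):
        return None
    if not all(c.isprintable() or c in "\r\n\t" for c in text):
        return None
    return text


def hidden_urls(message):
    """Return URLs that appear only after base64-decoding tokens in message."""
    urls = []
    for match in B64_TOKEN.finditer(message):
        text = decode_token(match.group(0))
        if text:
            urls.extend(URL.findall(text))
    return urls


def flag_messages(messages):
    """Map message index -> decoded URLs, for messages that carry any."""
    flagged = {}
    for index, message in enumerate(messages):
        urls = hidden_urls(message)
        if urls:
            flagged[index] = urls
    return flagged


def _encode(text):
    return base64.b64encode(text.encode("ascii")).decode("ascii")


# Constructed sample feed: two ordinary posts and two encoded ones.
SAMPLE_MESSAGES = [
    "Lunch at the usual place, then internationalization meeting at 3",
    _encode("http://update.example.invalid/a.bin "
            "http://mirror.example.invalid/a.bin"),
    "Read this: http://news.example.invalid/story/2009/08/13/some-long-path",
    "rt " + _encode("https://cdn.example.invalid/u").rstrip("="),
]

if __name__ == "__main__":
    for index, urls in flag_messages(SAMPLE_MESSAGES).items():
        print(f"message {index}: decodes to {urls}")
```

Long ordinary words and URL paths also match the token pattern, so the decision rests on the decoded bytes being printable text that contains a URL, not on the pattern alone.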
Thursday, August 13, 2009
Voting machine hack costs less than $100,000
IDG News Service - Why spend millions of dollars campaigning when you can hack an election for less than 100 grand? That's a question raised by university researchers who recently bought a Sequoia AVC Advantage voting machine and then used a new hacking technique to circumvent its security. Although they've been hacked before, Sequoia's AVC machines are considered a pretty tough target because they have a special memory-protection mechanism that allows them to only run software they're hardwired to execute in the machine's ROM (read-only memory).
But using a new hacking technique, called a return-oriented programming attack, researchers were able to trick the machine into changing the results of an election, according to Alex Halderman, one of the university researchers behind the work. Halderman is with the University of Michigan, but researchers from the University of California, San Diego and Princeton University were also involved in the project. They presented their results at the Usenix 2009 Electronic Voting Workshop, held in Montreal this week.
ITU Global Cybersecurity Agenda
Android security chief: Mobile-phone attacks coming
IDG News Service - As smartphones become more popular, they're going to get some unwanted attention from criminals, Google Inc.'s head of Android security said today. "The smartphone OS will become a major security target," said Android Security Leader Rich Cannings, speaking at the Usenix Security Symposium. Attackers can already hit millions of victims with a smartphone attack, and soon that number will be even larger. "Personally I think this will become an epiphany to malware authors," he said.
Microsoft's Windows operating system is the prime target of criminal attacks, and hackers have generally steered clear of mobile devices. Security experts say that this is because mobile phones haven't traditionally stored a lot of sensitive data, and because there are so many different devices to attack, it's hard to create a single virus that can infect a large number of users.
ITU Global Cybersecurity Agenda
Man gets 3 years in prison for stealing IDs over LimeWire
A Washington state man who admitted using the LimeWire file-sharing program to steal tax returns and other sensitive documents has been sentenced to more than three years in federal prison.
Frederick Eugene Wood of Seattle was ordered to serve 39 months for a fraud scheme that prosecutors said was a "particularly pernicious and devious one." In it, Wood would search the hard drives of LimeWire users for files that contained words such as "statement," "account" and "tax.pdf." He would then download tax returns, bank statements, and other sensitive documents and use them to forge counterfeit checks and steal the identity of the individuals who filled out the documents.
ITU Global Cybersecurity Agenda
Vuln exposes eBay developer accounts
eBay security officials are requiring members of its developer program to change their passwords following the discovery of a vulnerability that could allow attackers to intercept sensitive account details.
"eBay has recently identified a means by which someone could gain access to eBay Developers Program account information," Kumar Kandaswamy, manager of the eBay Developers Program, wrote in an advisory posted on the auctioneer's website. "Out of an abundance of caution and to help ensure the security of the eBay Developers Program, we are requiring that all developers" change their passwords.
ITU Global Cybersecurity Agenda
Apple update patches serious DNS flaw in Mac OS X
Two weeks after internet overlords warned of a serious vulnerability in one of the most widely used programs for resolving domain names, Apple has updated its Mac OS X operating systems to fix the security bug.
The update, released Wednesday, patches a hole in BIND, the net's most popular domain name system package. It's available for both client and server versions of the Mac OS and follows an update released last week that plugged 18 holes and a separate fix issued on Tuesday for six holes in Apple's Safari browser.
ITU Global Cybersecurity Agenda
Monday, August 10, 2009
Booming scareware biz raking in $34m a month
Fraudsters are making approximately $34m per month through scareware attacks, designed to trick surfers into purchasing rogue security packages supposedly needed to deal with non-existent threats. A new study, The Business of Rogueware, by Panda Security researchers Luis Corrons and Sean-Paul Correll, found that scareware distributors are successfully infecting 35 million machines a month.
Social engineering attacks, often featuring social networking sites, that attempt to trick computer users into visiting sites hosting scareware software have become a frequently used technique for distributing scareware. Tactics include manipulating the search engine rank of pages hosting scareware. Panda reckons that there are 200 different families of rogueware, with more new variants coming on stream all the time.
ITU Global Cybersecurity Agenda
US appeals court cans CAN-SPAM suit
In a decision that could make it harder for internet users to take spammers to court, a federal appeals court has upheld the dismissal of a lawsuit against a company that sent a man more than 13,000 unsolicited emails.
A three-judge panel from the Ninth US Circuit Court of Appeals agreed with a lower-court judge that under a federal law that went into effect in 2004, plaintiff James S. Gordon Jr. lacked standing to sue online marketing business Virtumundo. The panel ruled that under the Controlling the Assault of Non-Solicited Pornography and Marketing, or CAN-SPAM, act, lawsuits can only be brought by select law-enforcement agencies and providers of an IAS, or "internet access service."
ITU Global Cybersecurity Agenda
Friday, August 07, 2009
Security risks of Web 2.0 tools should not be overlooked by enterprises, individuals
Like it or not, the use of Web 2.0 technology in enterprises is here to stay. Even longstanding enterprise software providers, such as Salesforce.com, have created tools for integrating social networks into the customer support and lead generation process. And you’d be hard-pressed to find a Fortune 500 company that doesn’t, at the very least, have a corporate blog.
Over the last few weeks, two organizations issued study results focusing on the use of social networking within the enterprise. RSA Conference, in its “What Security Issues Are You Currently Facing?” report, surveyed nearly 150 C-level executives and professionals charged with directing, managing and engineering security infrastructures within their respective organizations.
Social networking and security was a consideration, however it appears that organizations thus far claim to have been minimally impacted by social network threats. According to the survey, 84 percent of respondents allow Twitter and Facebook in the enterprise, however only 3 percent were seriously affected by the recent Facebook and Twitter phishing attacks.
ITU Global Cybersecurity Agenda
XML flaws threaten 'enormous' array of apps
Security researchers have uncovered critical flaws in open-source software that implements the Extensible Markup Language in a staggering array of applications used by banks, e-commerce websites, and consumers.
The bugs uncovered by researchers at Finland-based Codenomicon were contained in virtually every open-source XML library available, Ari Takanen, CTO of Finland-based security testing firm Codenomicon, told The Register. Many of them could allow attackers to crash machines running applications that use the libraries or even remotely execute malicious code. The Python and Java programming languages and Apache Xerces are already known to be affected, and Takanen said many more could be as well.
ITU Global Cybersecurity Agenda
Feds seek $566m from man in online gambling case
Federal prosecutors have accused a Canadian man of laundering more than $350m for offshore internet gambling operations to skirt US laws prohibiting payments to American citizens trying to cash out their winnings.
Douglas Rennick, 34, was charged with three felony counts related to the alleged scheme by the US Attorney's office in Manhattan. Between February 2007 and June 2009, he and several unnamed co-conspirators established sham businesses that provided false information to banks so they could carry out large financial transactions that otherwise would have been barred, according to an indictment filed Thursday.
ITU Global Cybersecurity Agenda
Researcher: Twitter attack targeted anti-Russian blogger
As Twitter struggled to return to normal Wednesday evening, a trickle of details suggested that the outage that left 30 million users unable to use the micro-blogging service for several hours - at least in part - may have been the result of a spam campaign that targeted a single user who vocally supports the Republic of Georgia.
According to Bill Woodcock, research director at the non-profit Packet Clearing House, the torrent of traffic that brought the site to its knees wasn't the result of a traditional DDoS, or distributed denial of service attack, but rather people who clicked on a link in spam messages that referenced a well-known blogger called Cyxymu.
As spam goes, the emails looked benign enough. One of them carried the subject "Visit my blog" and contained the words "thanks for looking at my blog" in the body. They contained respective links to Cyxymu's accounts on Twitter, Facebook, LiveJournal and YouTube, all of which also reported receiving abnormal amounts of traffic on Thursday.
ITU Global Cybersecurity Agenda
Tuesday, August 04, 2009
Court allows extradition of British hacker to proceed
IDG News Service - A British hacker who broke into U.S. government computer systems seeking evidence of alien life has failed in his latest efforts to block extradition to the U.S. to face trial.
On Friday, the High Court ruled the extradition of Gary McKinnon, whose hacking exploits have drawn high-profile attention from U.K. Prime Minister Gordon Brown and celebrities such as David Gilmour of Pink Floyd, should proceed. Karen Todner, McKinnon's attorney, said they will lodge an appeal within 28 days.
McKinnon's attorneys had asked the court to review a refusal by the Director of Public Prosecutions (DPP) for England and Wales to prosecute him in the U.K. British prosecutors maintain that the U.S. wants jurisdiction and that most evidence and witnesses are in the U.S.
ITU Global Cybersecurity Agenda
cPanel, Netgear and Linksys susceptible to attack
Defcon - If you use cPanel to administer your website or certain Linksys or Netgear devices to route traffic over your wireless network, you're susceptible to web-based attacks that could take complete control of your systems, two security researchers said Saturday.
All three wares contain CSRF, or cross-site request forgery, holes that can be exploited when the user does nothing more than surf to the wrong site. Web-application security experts Russ McRee of HolisticInfoSec.org and Mike Bailey of Skeptikal.org said they've alerted officials at all three companies to the weaknesses and so far all have failed to fix them.
ITU Global Cybersecurity Agenda
Teens react to online warnings
A group of teenagers have reacted to warnings that using sites like Facebook, Bebo and Myspace can leave them traumatised. The Archbishop of Westminster, the Most Reverend Vincent Nichols, says the sites encourage users to value the number rather than quality of friends they have. He’s worried this makes people get too many temporary friends instead of real, genuine ones. He said: “It’s an all or nothing syndrome that you have to have in an attempt to shore up identity. Friendship is not a commodity, friendship is something that is hard work and enduring when it’s right.”
But speaking to Newsbeat a group of teenagers mainly rejected what the spiritual leader of the four million Catholics in England and Wales had to say. Ash is 19 and from London. He said: “These sites are just a different way of socialising and I think the nation’s the friendliest it’s ever been because of that.”
ITU Child Online Protection
US cyber-security tsar steps down
The White House's acting cyber-security tsar has resigned from her post, according to the Wall Street Journal.
Melissa Hathaway told the paper she was leaving for "personal reasons" and would return to the private sector. The former strategist was appointed as acting national cyber-adviser in February and was expected to be offered the post full time. President Barack Obama has made cyber-security a high priority for his administration. In May, the President announced plans for securing American computer networks against cyber attacks.
In recent years, US government and military bodies have reported attempts by hackers to infiltrate systems. The President announced the creation of a cyber-security office in the White House, and said he would personally appoint a "cyber-tsar". Ms Hathaway was widely regarded as the person to fill that post after taking on the role as acting senior director for cyberspace for the National Security and Homeland Security Councils in February. A successor has not yet been named by the White House.
ITU Global Cybersecurity Agenda
Monday, July 20, 2009
IMPACT: ITU calls for borderless effort on cybersecurity
Concerted borderless cooperation is needed to tackle today's cyber-attacks, according to two international agencies, the International Multilateral Partnership Against Cyber Threats (IMPACT) and the International Telecommunication Union (ITU). The call comes in response to recent reports of more than two dozen attacks against prominent government websites in South Korea and the US.
Speaking at IMPACT global headquarters in Malaysia, chairman Datuk Mohd Noor Amin said: "Though the attacks, which included websites belonging to the White House, US Treasury, and the Pentagon, were small in scale and low in sophistication, these attacks could have been more destructive."
"Websites all over the world are constantly targeted by hackers, but increasingly, the number of critical sector websites and systems being attacked has increased," said Amin. "In recent years, large scale attacks on critical infrastructures have started to take place such as the cyber-attack that occurred in Estonia in 2007 that subsequently paralysed the country's entire critical infrastructure for almost two weeks."
Friday, July 10, 2009
South Korea and U.S. websites hit by DDoS attacks
South Korean and United States websites have been targets of sustained distributed denial of service (DDoS) attacks since the 4th of July. Government websites as well as financial and commercial websites have been targeted, with most of the targets withstanding the attacks.
At least 35 websites have been targeted by the DDoS attacks, which aim to make websites unreachable by flooding them with more web traffic than they can handle, effectively taking them offline. The web traffic originates from the computers of ordinary people infected with malware, usually from visiting a compromised website, after which the attackers can command the computers to carry out the DDoS attacks.
These attacks on the US and South Korea appear to be carried out by "a few tens of thousands" of compromised computers, and their impact so far has been considerably muted. They do, however, demonstrate weaknesses that could be exploited to much more devastating effect.
Friday, June 19, 2009
UK.gov to create central cybersecurity agency
Secret operations currently carried out by parts of the intelligence and security services will be centralised in Whitehall as part of an ongoing major review of cybersecurity, according to a report.
The Cabinet Office is due to publish the UK's version of Barack Obama's cybersecurity strategy before the summer Parliamentary recess, which begins in late July. The US President last month announced a new "cyber tsar" role and agency to oversee efforts to prepare for and respond to attacks by enemy states and organised criminals.
ITU Global Cybersecurity Agenda
Canadian bill forces personal data from ISPs sans warrant
Canada is considering legislation allowing the country's police and national security agency to readily access the online communications and the personal information of ISP subscribers.
"We must ensure that law enforcement has the necessary tools to catch up to the bad guys and ultimately bring them to justice. Twenty-first century technology calls for 21st-century tools," Justice Minister Rob Nicholson said in announcing two new bills at a press conference in Ottawa, the CBC has reported.
ITU Global Cybersecurity Agenda
Google cloud told to encrypt itself
A small army of security and privacy researchers has called on Google to automatically encrypt all data transmitted via its Gmail, Google Docs, and Google Calendar services.
Google already uses Hypertext Transfer Protocol Secure (https) encryption to mask login information on this trio of cloud-based web-based applications. And netizens have the option of turning on https for all transmissions. But full-fledged https protection isn't flipped on by default.
"Google’s default settings put customers at risk unnecessarily," reads a letter lobbed to Google CEO Eric Schmidt by 37 academics and researchers. "Google’s services protect customers’ usernames and passwords from interception and theft. However, when a user composes email, documents, spreadsheets, presentations and calendar plans, this potentially sensitive content is transferred to Google’s servers in the clear, allowing anyone with the right tools to steal that information."
ITU Global Cybersecurity Agenda
Thursday, June 11, 2009
China's computers at hacking risk
Every PC in China could be at risk of being taken over by malicious hackers because of flaws in compulsory government software.
The potential faults were brought to light by Chinese computer experts who said the flaw could lead to a "large-scale disaster". The Chinese government has mandated that all computers in the country must have the screening software installed. It is intended to filter out offensive material from the net.
The Chinese government said that the Green Dam Youth Escort software, as it is known, was intended to push forward the "healthy development of the internet" and "effectively manage harmful material for the public and prevent it from being spread."
"We found a series of software flaws," explained Isaac Mao, a blogger and social entrepreneur in China, as well as a research fellow at Harvard University's Berkman Center for Internet and Society.
ITU Global Cybersecurity Agenda
Monday, June 08, 2009
Twitter Trends exploited to promote scareware
Hackers are manipulating a hot topics feature of Twitter to promote malware-infected websites. The gaming of the Twitter Trends feature recalls the manipulation of Google search results using black-hat search engine optimisation techniques.
In the case of the Twitter attack, cyber-criminals created hundreds of accounts and posted multiple messages under the topic "PhishTube Broadcast", a reference to the US rock band Phish, but containing links to a spoof pornographic Web page. The topic appeared in the Trending Topic list, achieving greater visibility and therefore more user traffic to comments made under that category.
Users intrigued enough to visit the supposed websites promoted through the Twitter social-engineering ruse risk exposure to the PrivacyCenter fake antivirus (scareware) package. The software runs a spoof scan of the system before falsely informing users that their computers are infected with malware, whether they are or not, in order to induce frightened users into buying software of little or no utility.
Pondlife scammers abuse Air France tragedy
Cybercrooks are once again taking advantage of current events to push malware.
Prurient interest in the death of Kill Bill star David Carradine is being used to promote Twitter updates containing links to sites punting rogueware. The attack is the latest in a string of assaults over the last week or so that abuse the Trending Topics feature of Twitter to promote scareware.
Meanwhile, search engine result poisoning is being used so that searches involving the disappearance of Air France Flight 447 off the coast of Brazil point to scareware affiliate websites. The complex attack uses multiple site redirections, as explained in a blog posting by Trend Micro.
ITU Global Cybersecurity Agenda
Monday, June 01, 2009
EU backs advanced network tech to boost resilience
An EU security agency is calling for greater use of advanced networking technologies - specifically IPv6, DNSSec and MPLS - to improve the resilience of communication networks.
The European Network and Information Security Agency (ENISA) argues that these advanced technologies have the potential to improve the security and resilience of telecom networks from hacking attacks or other forms of disruption. However, knowledge of how to deploy these commercially available next-generation technologies is thin on the ground.
ENISA advocates the pooling of best practice and operational experience as a way to bring everyone up to speed. The agency interviewed 12 network operators in the EU and found that lack of management and coordination between stakeholders, as well as a dearth of operational best practices, were potential potholes on the road to building more secure networks.
The agency carried out two reports. One looked at the benefits of the selected technologies in improving network resilience, while the other looked into deployment issues and other practical concerns, drawing its findings largely from interviews with network operators.
ITU Global Cybersecurity Agenda
A Corporate Identity
A corporate identity theft ring that exploited the identities of local corporations, religious institutions, hospitals and even schools to run a cheque fraud scam has been busted in New York.
Investigators reckon the gang of 18 suspects made millions by impersonating workers from an estimated 350 New York-based organisations. Data purchased from corrupt bank insiders was used to lay the groundwork for the scam, which relied on cashing thousands of counterfeit payroll cheques. The fraudsters also plundered the bank accounts of individual victims, using data obtained from corrupt bank insiders to transfer funds to banks under the control of the gang.
Mules were recruited as payees on the counterfeit cheques, which were forged using scanners, cheque stock, magnetic ink, company logos and specialist software. The scam ran between October 2007 and February 2009. One bank alone lost $1.4m through the scam.
ITU Global Cybersecurity Agenda
Turkish hackers breach US Army servers, says report
US government investigators are probing breaches of two sensitive Army webservers by suspected Turkish hackers, according to a report by InformationWeek.
One of the servers, located at the Army's McAlester Ammunition Plant in Oklahoma, was penetrated on January 26, according to the publication, which cited investigative records it reviewed. The hack was carried out by a Turkey-based collective known as "m0sted" and caused people attempting to access the site to be redirected to a webpage protesting climate change.
ITU Global Cybersecurity Agenda
PC-pwning infection hits 30,000 legit websites
A nasty infection that attempts to install a potent malware cocktail on the machines of end users has spread to about 30,000 websites run by businesses, government agencies and other organizations, researchers warned Friday.
The malicious payload silently redirects visitors of infected sites to servers that analyze the end-user PC. Based on the results, it attempts to exploit one or more of about 10 different unpatched vulnerabilities on the visitor's machine. If none exist, the webserver delivers a popup window that claims the PC is infected in an attempt to trick the person into installing rogue anti-virus software.
ITU Global Cybersecurity Agenda
Obama fights cyber threats with new White House post
US President Barack Obama will create a new White House post that's responsible for protecting the country's critical computer networks, a step he said was crucial to confronting one of the biggest national security challenges.
For what is likely the first time ever, the leader of the free world spoke publicly about botnets, phishing, malware, and other internet-based attacks that not only threaten millions of individuals, but the country's military and intelligence networks as well. He also recounted his personal brush with cyber espionage, confirming for the first time a report that travel plans, policy papers, and other files were accessed after hackers penetrated his presidential campaign's computer system.
ITU Global Cybersecurity Agenda
Tuesday, May 26, 2009
Viral web infection siphons ad dollars from Google
A compromise that is moving virally across websites is making unwitting people who surf to them part of a botnet that redirects Google search results, a security researcher has warned.
During the past week, the number of websites identified as infected has almost tripled, according to researcher Mary Landesman with real-time malware scanning specialist ScanSafe, who has been tracking the attacks since March. Normally, web compromises die out after a few weeks, as search engines and anti-virus programs grow wise to them. But that's not happening this time.
ITU Global Cybersecurity Agenda
Tuesday, May 19, 2009
Electricity to power 'smart grid'
Global electricity networks could become smart grids that can help us monitor and control our energy usage, if plans from net firm Cisco take off.
The giant US firm, whose technology helps underpin the net, is building a two-way link into electricity grids. Smart grids would allow devices to communicate with utility firms to give an accurate view of energy use that could cut CO2 emissions by 211m tonnes. Cisco believes the market could be worth up to $20 billion a year. The basic premise is to link different parts of the electrical grid - from a single home to the largest of power stations - using a customised network based on Internet Protocol (IP). Cisco say the proposal would be a "once in a generation capital investment". With the rising cost of electrical power and concerns about how that power is generated - especially when it comes to fossil fuels - a number of other firms are also making a bid to modernise the electrical networks.
ITU Global Cybersecurity Agenda
Monday, May 18, 2009
Hackers 'launch attack' on Facebook
Facebook has been working to clean up its site after its 200 million members were targeted by hackers.
Facebook spokesperson Barry Schnitt wouldn't comment on how many accounts had been hit but he did confirm it was blocking any that had been compromised. The hackers used a common "phishing" scam to get hold of users' passwords. After breaking in to people's Facebook accounts they sent out emails to friends of members asking them to click on links to fake websites. The sites are designed to look like legitimate pages from Facebook but have been set up and are controlled by the hackers.
Then it's a simple case of tricking users into handing over all sorts of details from passwords to e-mail addresses. All of this is done with the overall aim of being able to provide lists of addresses which can then be targeted to help spread spam. It's not the first time Facebook has been attacked like this. Last year a malicious virus called Koobface hit the site, tricking people into downloading it onto their computers by sending links pretending to be from friends' accounts. Security experts say part of the problem is that members are using passwords that are just too weak, ones like family or pet names that are often on a person's homepage and so can be easily guessed.
ITU Global Cybersecurity Agenda
Thursday, May 14, 2009
Cyber attack could bring US military response
The United States' top commanding officer for the space and cyber domains told reporters last week that a cyber attack could merit a more conventional military response.
During a press briefing on Thursday, US Air Force General Kevin Chilton, who heads the US Strategic Command, said that top Pentagon advisors would not rule out a physical attack on any force that attacks the United States through the internet. Currently, the military's networks are probed thousands of times a day, but the goal of attackers seems to be espionage, not to take down critical networks, he told reporters.
ITU Global Cybersecurity Agenda
Home Sec: No more funds to e-crime unit
The newly established Police Central e-crime Unit is unlikely to get increased UK government funding, according to a response to questions in the House by the Home Secretary on Tuesday. The reply by Jacqui Smith is a sign that the present home secretary is less inclined to invest in the nascent unit than her predecessor David Blunkett.
Liberal Democrat MP Chris Huhne asked Jacqui Smith about whether "she will make an assessment of the adequacy of the IT resources provided to Metropolitan Police officers in policing fraud". The Home Secretary responded to this question by suggesting the micro-management of resources was down to the Met Police. She also mentioned the £3.5m granted by central government over three years towards the establishment of a long-awaited central e-crime unit, Hansard reports.
ITU Global Cybersecurity Agenda
Microsoft teams up with US gov
Microsoft has teamed with the US government to refine a locked-down, more secure configuration of Windows XP.
Originally developed by the US Air Force in cooperation with Microsoft, the special XP set-up uses hardened Group Policy Objects (a technology in Microsoft's Active Directory) and images, which the Air Force used as the standard OS image for its desktop Windows machines.
The project evolved into the Federal Desktop Core Configuration (FDCC) recommendations maintained by US standards organisation NIST. Sys admins can download the configuration along with group policy objects.
Earlier reports by Wired suggested that Microsoft has worked with the government to develop a secure configuration of XP for use by the military and that this might be somehow out of reach to the hoi polloi, who are left with a system whose out-of-the-box configuration leaves it open to all manner of worms as soon as it's connected to the net.
ITU Global Cybersecurity Agenda
Hackers 'destroy' flight sim site
Flight simulator site Avsim has been "destroyed" by malicious hackers.
The site, which launched in 1996, covered all aspects of flight simulation, although its main focus was on Microsoft's Flight Simulator.
The attack took down the site's two servers and the owners had not established an external backup system.
The site's founder, Tom Allensworth, said that the site would be down for the foreseeable future and was unsure "if we can come back at all".
"The method of the hack makes recovery difficult, if not impossible, to recover from," Mr Allensworth said in a statement.
"AVSIM is totally offline at this time and we expect to be so for some time to come. We are not able to predict when we will be back online, if we can come back at all."
ITU Global Cybersecurity Agenda
Wednesday, April 22, 2009
Call to rally against cyber crime
Security professionals are being called on to band together to fight the highly organised cyber criminals of the world.
The call was made at a San Francisco conference organised by security firm RSA - the largest event of its kind. RSA President Art Coviello said the online fraudsters "are not bound by any rules of law" and "control massive armies of zombie computers". Recent reports claimed cyber criminals had infiltrated everything from the US power grid to the Pentagon.
In his keynote speech to the conference, Mr Coviello urged the industry not to underestimate the global cyber security threat and the sophistication of criminals. "Our adversaries operate as a true ecosystem that thrives through interdependence and constantly adapts to ensure its growth and survival." Mr Coviello said that meant it was time for the security industry to come together to defeat the criminal element at large. "We must evolve from acting independently to solve discrete information security problems to acting collaboratively to create a common development process."
ITU Global Cybersecurity Agenda
Botnet 'ensnares government PCs'
Almost two million PCs globally, including machines inside UK and US government departments, have been taken over by malicious hackers.
Security experts Finjan traced the giant network of remotely-controlled PCs, called a botnet, back to a gang of cyber criminals in Ukraine. Several PCs inside six UK government bodies were compromised by the botnet. Finjan has contacted the Metropolitan Police with details of the government PCs and it is now investigating. A spokesman for the Cabinet Office, which is charged with setting standards for the use of information technology across government, said it would not comment on specific attacks "for security reasons".
ITU Global Cybersecurity Agenda
Thursday, April 16, 2009
New e-crime unit nabs nine banking Trojan suspects
Nine suspects in a banking Trojan case have been arrested by specialist cybercops from the UK's new Police Central E-Crime Unit (PCeU). The suspects - four women and five men - were arrested following police raids in south east London. Investigators reckon the group of UK-based eastern European nationals used malware planted on compromised machines to steal login credentials and plunder online banking accounts.
The arrests follow the establishment of a virtual crime force, involving more than 50 officers from the PCeU and the Met's specialist crime directorate. Deputy assistant commissioner Janet Williams, ACPO lead for e-crime, said Wednesday's operation illustrated that the long-awaited national e-crime unit was already up and running, Computer Weekly reports.
ITU Global Cybersecurity Agenda
Microsoft supplies Interpol with DIY forensics tool
Interpol plans to distribute a Microsoft DIY computer forensics tool to its 187 member countries under an agreement announced Wednesday.
Cofee, short for Computer Online Forensic Evidence Extractor, is a thumb drive containing more than 150 investigative applications police can use to collect digital evidence at crime scenes. When Microsoft announced the free tool last year, it said some 2,000 officers in 15 countries were using it.
The proliferation of cell phones, digital cameras, and other electronics devices means that even old-world crimes such as muggings and burglaries have the potential to be cracked by sifting through digital footprints inadvertently left behind by perpetrators. But collecting that evidence and preserving its integrity so it can be admitted into court trials isn't easy.
Cofee is designed to ease that burden by providing investigators with easy-to-use tools that allow them to collect electronic data on the fly. It also allows them to collect data without necessarily having to lug gear to headquarters first. Not that Cofee has been well received by everyone. Some of the more conspiratorially minded posited that some of the password-cracking features worked by exploiting backdoors secretly built into Windows. Microsoft has insisted Cofee is solely a collection of forensics tools.
ITU Global Cybersecurity Agenda
EC starts legal action over Phorm
The European Commission has started legal action against Britain over the online advertising technology Phorm.
It follows complaints to the EC over how the behavioural advertising service was tested on BT's broadband network without the consent of users.
Last year Britain had said it was happy Phorm conformed to European data laws.
But the commission has said Phorm "intercepted" user data without clear consent and the UK needs to look again at its online privacy laws.
In a statement, Phorm said its technology was "fully compliant with UK legislation and relevant EU directives".
It added that it did not believe the Commission's legal action would have "any impact on the company's plans going forwards".
At the heart of the legal action by the EC is whether users have given their consent to have their data intercepted by the advertising system.
ITU Global Cybersecurity Agenda
Spam 'produces 17m tons of CO2'
A study into spam has blamed it for the production of more than 33bn kilowatt-hours of energy every year, enough to power more than 2.4m homes.
The Carbon Footprint of e-mail Spam report estimated that 62 trillion spam emails are sent globally every year.
This amounted to emissions of more than 17 million tons of CO2, the research by climate consultants ICF International and anti-virus firm McAfee found.
Searching for legitimate e-mails and deleting spam used some 80% of energy.
The study found that the average business user generates 131kg of CO2 every year, of which 22% is related to spam.
ITU Global Cybersecurity Agenda
Wednesday, April 08, 2009
Spam overwhelms e-mail messages
More than 97% of all e-mails sent over the net are unwanted, according to a Microsoft security report.
The e-mails are dominated by spam adverts for drugs, and general product pitches and often have malicious attachments.
The report found that the global ratio of infected machines was 8.6 for every 1,000 uninfected machines.
It also found that Office document attachments and PDF files were increasingly being targeted by hackers.
Microsoft said people should not panic about the high levels of unwanted e-mail.
Cliff Evans, head of security and privacy for Microsoft in the UK, told BBC News: "The good news is that the majority of that never hits your inbox although some will get through."
ITU Global Cybersecurity Agenda
Monday, April 06, 2009
Net firms start storing user data
Details of user e-mails, website visits and net phone calls will be stored by internet service providers (ISPs) under an EU directive.
All ISPs in the European Union will have to store the records for a year. An EU directive which requires telecoms firms to hold on to telephone records for 12 months is already in force. The data stored does not include the content of e-mails and websites, nor a recording of a net phone call, but is used to determine connections between individuals.
Talks with French Government Officials and Industry Leaders
During the UN CEB meeting held at UNESCO in Paris, Dr Touré took the opportunity to have extensive talks with French Government officials and industry leaders, touching upon issues of great importance to both France and ITU: the negative impact of the economic crisis on the ICT sector as well as the solutions and opportunities ICTs present for global economic revival. The promotion of the forthcoming ITU Telecom World 2009 was received positively.
Thursday, April 02, 2009
Researchers find Conficker cure
Security experts have made a breakthrough in their five-month battle against the Conficker worm, with the discovery that the malware leaves a fingerprint on infected machines that is easy to detect using a variety of off-the-shelf network scanners.
The finding means that, for the first time, administrators around the world have easy-to-use tools to positively identify machines on their networks that are contaminated by the worm. As of mid-Monday, signatures will be available for at least half a dozen network scanning programs, including the open-source Nmap, McAfee's Foundstone Enterprise and Nessus, made by Tenable Network Security.
Up to now there were only two ways to detect Conficker, and neither was easy. One was to monitor outbound connections for each computer on a network, an effort that had already proved difficult for organizations with machines that count into the hundreds of thousands or millions. With the advent of the Conficker C variant, traffic monitoring became a fruitless endeavour because the malware has been programmed to remain dormant until April 1.
ITU Global Cybersecurity Agenda
Cybersecurity law would give feds unprecedented net control
US senators have drafted legislation that would give the federal government unprecedented authority over the nation's critical infrastructure, including the power to shut down or limit traffic on private networks during emergencies.
The bill would also establish a broad set of cybersecurity standards that would be imposed on the government and the private sector, including companies that provide software, IT work or other services to networks that are deemed to be critical infrastructure. It would also mandate licenses for all individuals administering to strategically important networks.
The bill, which is being co-sponsored by Senate Commerce Committee chairman John Rockefeller IV and Senator Olympia Snowe, was expected to be referred to a senate committee on Wednesday. Shortly after a working draft of the legislation began circulating, some industry groups lined up to criticize it for giving the government too much control over the internet and the private companies that make it possible.
ITU Global Cybersecurity Agenda
Wednesday, April 01, 2009
Worm attack chaos fails to strike
The chaos predicted by some as the Conficker worm updates itself has so far failed to materialise.
There had been concerns that the worm could trigger poisoned machines to access personal files, send spam, clog networks or crash sites. Many of the infected machines are based in Asia where there have been no reports of unusual PC behaviour. Conficker is believed to have infected up to 15 million computers to date. Those monitoring the progress of the worm as 1 April dawned around the globe said there was no evidence it was doing anything other than modifying itself to be harder to exterminate.
Monday, March 30, 2009
'Three-strikes' law for net users
French internet users persisting in illicit downloading of music and films could have the plug pulled on their internet if a controversial new law is approved.
Under plans by the French government, illegal downloaders would be barred from broadband access by their Internet Service Providers (ISPs) after three warnings.
The three-strikes law means alleged wrongdoers will first get a warning e-mail, then a letter through the post, followed by their connection being cut off for up to a year.
A proposed state agency would gather the Internet Protocol (IP) addresses of people involved in illegal file-sharing.
Marc Guez, managing director of France's Society of Phonographic Producers (SCPP), said record companies are losing millions in profits to piracy.
He said the internet is "killing all of the creative industries little by little" and that governments must take action against piracy.
Wednesday, March 25, 2009
UN-backed anti-cyber-threat coalition launches headquarters in Malaysia
20 March 2009 – The headquarters of the global coalition to tackle the world’s most serious cybersecurity threats, backed by the United Nations International Telecommunication Union (ITU), was inaugurated outside of the Malaysian capital, Kuala Lumpur today.
The new state-of-the-art facilities of the International Multilateral Partnership Against Cyber-Threats (IMPACT) in Cyberjaya will host the ITU’s Global Cybersecurity Agenda (GCA), which promotes international cooperation to make cyberspace more secure in an increasingly networked information society.
The joint effort by the ITU and IMPACT – an initiative which brings together governments, industry leaders and cybersecurity experts to enhance the global community’s capacity to prevent, defend and respond to cyberthreats – aims to provide real-time analysis, aggregation and dissemination of global cyber threat information.
“Cybersecurity is one of the most critical issues of our time,” said Hamadoun Touré, ITU Secretary-General, noting that the problem demands “a truly global approach.”
Last September, the heads of ITU and IMPACT signed an agreement to operationalize the GCA at IMPACT’s Cyberjaya site.
Although the GCA will be housed at the IMPACT centre, ITU will have a “virtual showcase” at its headquarters in Geneva of the early warning system, crisis management and real-time analysis of global cyber threats.
Monday, March 23, 2009
ITU's Global Cybersecurity Agenda housed in new centre in Malaysia
Geneva, 20 March 2009 - The global headquarters of the International Multilateral Partnership Against Cyber Threats (IMPACT) was inaugurated today in Cyberjaya on the outskirts of Kuala Lumpur, Malaysia. The new IMPACT facilities will host ITU's Global Cybersecurity Agenda (GCA), which is an international framework for cooperation aimed at finding strategic solutions to boost confidence and security in an increasingly networked information society.
The new IMPACT headquarters was inaugurated by Malaysia's Prime Minister Dato' Seri Abdullah Haji Ahmad Badawi, who is also Chairman of IMPACT's International Advisory Board, and ITU Secretary-General Dr Hamadoun Touré.
Friday, March 20, 2009
IMPACT's Headquarters is inaugurated in Malaysia
The headquarters of the world's first global public-private partnership against cyber threats, IMPACT, was inaugurated on 20 March in Malaysia by Prime Minister Datuk Seri Abdullah Ahmad Badawi and ITU Secretary-General Dr Hamadoun I. Touré, in the presence of senior government officials including Deputy Prime Minister, Dato' Sri Haji Mohd. Najib Bin Tun Haji Abdul Razak.
IMPACT's headquarters will, through the partnership with ITU, run the operations of the Global Cybersecurity Agenda (GCA) and provide services to interested ITU Member States. The event provided an operational physical home for the GCA and made possible its transition from strategy into operations. This transition is led by Mr. Sami Al-Basheer, Director of ITU's Telecommunication Development Bureau. The GCA through its partnership with IMPACT enters a phase of deployment in 20 countries with 50 planned for the next 12 months. During the event, the ITU logo was unveiled by the ITU Secretary-General, the Malaysian Prime Minister and IMPACT's Chairman.
Thursday, March 19, 2009
Holes in the machine
Malicious software may just be a property of the network, says regular contributor Bill Thompson
The Conficker worm will be active again on 1 April, according to an analysis of its most recent variant, Conficker.C, by the net security firm CA.
This malicious piece of software, also known as Downup, Downadup and Kido, spreads among computers running most variants of the Windows operating system and turns them into nodes on a multi-million member "botnet" of zombie computers that can be controlled remotely by the worm's as yet unidentified authors.
Since it first appeared in October 2008 it has apparently infected more than 15 million computers around the internet, though even that number is no more than an educated guess because the worm works very hard to disguise its presence on a PC.
Wednesday, March 18, 2009
Card-sniffing trojans target Diebold ATM software
Security researchers from Sophos have discovered sophisticated malware that siphons payment card information out of automatic teller machines made by Diebold and possibly other manufacturers.
Sophos researcher Vanja Svajcer found three samples after combing through VirusTotal and a similar online database earlier this month. If installed, all three trojans contained functions that allowed them to log information recorded by an ATM's magnetic card reader. They also appeared to include routines for encrypting the stolen data and instructions for retrieving the captured passwords using the ATM's printing capabilities. That would allow mules outfitted with the proper codes to fetch the pilfered information from the targeted machines, Svajcer told The Register.
Diebold became aware of the trojans in January, after an incident "isolated in Russia" attempted to use the malware to intercept sensitive information, according to an advisory the company sent its customers. Suspects in the incident have been apprehended, and Diebold is working with authorities "to assist with the investigation into these recent crimes," the advisory added.
Mobile users at risk of ID theft
A survey of London commuters suggests that 4.2m Britons store data on their mobiles that could be used in identity theft in the event they are stolen.
Only six in 10 use a password to limit entry into the phones, according to the survey by security firm Credant.
The survey found that 99% of people use their phones for business in some way, despite 26% of them being told not to.
Security experts say that password protection and, where possible, data encryption, is essential.
The advent of smartphones has seen the types of information that pass through handsets proliferate and it is now much more common to store sensitive information and work-related details on handsets.
Thursday, March 12, 2009
Koobface variant worms across social networking sites
A new strain of the Koobface worm is spreading across social networking sites including Facebook, MySpace and Bebo.
The malware posts invitations to the friends of infected users inviting them to view a video. The linked website tries to trick prospective marks into believing they need an updated version of Adobe Flash Player plugin to view the clip. The software offered is, of course, loaded with Windows-specific Trojan code. This malware establishes a back-door on compromised Windows machines.
BBC team exposes cyber crime risk
Software used to control thousands of home computers has been acquired online by the BBC as part of an investigation into global cyber crime.
The technology programme Click has demonstrated just how at risk PCs are of being taken over by hackers. Almost 22,000 computers made up Click's network of hijacked machines, which has now been disabled. The BBC has now warned users that their PCs are infected, and advised them on how to make their systems more secure.
Click managed to acquire its own low-value botnet - the name given to a network of hijacked computers - after visiting chatrooms on the internet. The programme did not access any personal information on the infected PCs. If this exercise had been done with criminal intent it would be breaking the law. But our purpose was to demonstrate botnets' collective power when in the hands of criminals. Click ordered its PCs to send out spam to two specific test e-mail addresses set up by the programme. Within hours, the inboxes started to fill up with thousands of junk messages. But a botnet can also be used to launch a concerted attack on commercial websites to take them out of action.
Monday, March 09, 2009
Online brand abuse 'on the rise'
Online abuse of the world's top brands is rising, according to a report.
Cyber-squatting - in which someone registers a domain name with the aim of selling it on at a later date - remains the most common form of abuse. Cyber-squatting rose by 18% in 2008, to 1,722,133 reported incidents, according to brand specialist MarkMonitor. The study also found that 80% of sites identified in 2007 as "abusive" were still in existence today. The report suggests that brand owners need to take a more aggressive stance against people or companies abusing a trademark, brand or domain name.
"That 80% of sites identified in our study last year remain active today confirms that abuse is economically sustainable for fraudsters," said Frederick Felman, chief marketing officer for MarkMonitor. "We expect attacks to grow both internationally and in complexity, further increasing the threat to organisations' reputations and revenues."
Thursday, March 05, 2009
German cops bust cybercrime forum
German police have arrested several members of a hacking forum linked to the distribution of Trojan horse software that infected 80,000 computers.
The www.codesoft.cc messageboard was being abused by cybercrooks to exchange tips on ways to use malware and other means to create counterfeit credit cards, according to cybercops from the LKA (Landeskriminalamt) internet crime unit (statement in German, PDF).
Police have raided the home of an unnamed 22-year-old Swiss man from Lucerne, Switzerland, on suspicion of running the forum. He allegedly used the online alias tr1p0d to flog password-stealing software. Police recovered what's claimed to be a database of codesoft.cc's users and their IP addresses from a raid on the Swiss suspect's home, net security firm Sophos adds.
Google Earth faces terrorist target airbrush bill
Concerned that international terrorists are prepping their attacks with help from services like Google Earth, Microsoft Virtual Earth, and Google Street View, a California lawmaker hopes to airbrush certain structural details from countless public buildings pictured on these web-based virtual landscapes.
San Diego-based Assemblyman Joel Anderson recently introduced a California bill that would bar "online mapping services" from serving up overly-revealing images of schools, hospitals, churches, and government buildings.
"This bill does not impact people's ability to go from one location to another on these services," Anderson tells The Reg. "But the current level of detail invites bad behavior. So we're asking these services to limit the level of detail. There's no reason they need to show where all a school's air ducts are and the elevator shafts and all the entry and exit points...
Wednesday, March 04, 2009
New guidelines on behavioural ads
The online advertising industry has launched a set of guidelines for a genre of adverts that have been causing controversy.
The code of practice drawn up by the Internet Advertising Bureau looks specifically at behavioural advertising. This form of advertising delivers ads based on people's browsing activity and is therefore far more targeted. UK ISP BT is planning to roll out such advertising developed by US firm Phorm. The guidelines which have been signed by key players including Phorm, AOL, Google, Microsoft and Yahoo agree on three core commitments:
- Notice. A company collecting and using online information for behavioural advertising must clearly inform a consumer that data is being collected for this purpose
- Consent. A company collecting and using online data for behavioural advertising must provide a mechanism for users to decline behavioural advertising and where applicable seek a consumer's consent.
- Education. A company collecting and using online data for behavioural advertising must provide consumer with clear and simple information about their use of data for this purpose and how users can decline.
Monday, February 23, 2009
Hackers target Xbox Live players
Xbox Live is being targeted by malicious hackers selling services that kick players off the network.
The booting services are proving popular with players who want a way to get revenge on those who beat them in an Xbox Live game. The attackers are employing data flooding tools that have been used against websites for many years. Microsoft is "investigating" the use of the tools and said those caught using them would be banned from Xbox Live. "There's been a definite increase in the amount of people talking about and distributing these things over the last three to four weeks," said Chris Boyd, director of malware research at Facetime Communications.
Tuesday, February 17, 2009
Romanian Hacker Breaches Third Security Vendor Site
The hacker who broke through the Website defenses of two prominent security vendors has claimed a third victim.
According to a posting on hackersblog.com, the Romanian attacker who launched SQL injection attacks on Kaspersky and BitDefender has now successfully penetrated the Web defenses of F-Secure, as well.
"[The F-Secure site is] vulnerable to SQL injection plus cross site scripting," the posting says. "Fortunately, F-Secure doesn't leak sensitive data, just some statistics regarding past virus activity."
An F-Secure spokesman told news reporters the breach occurred on a low-level server that doesn't contain sensitive data, only marketing statistics. "It is slightly embarrassing as a security company that we have had the breach," said F-Secure's David Frazer, in a news report. "We certainly, as a security company, want to ensure that all of our servers are patched to the levels that they should be."
On Monday Kaspersky conceded that a Romanian hacker had launched a SQL injection attack on its newly implemented U.S. customer support site, exposing a potentially data-threatening vulnerability in its Website. The attacker did not publish any sensitive data, even though he could have gained access to it, Kaspersky said.
Italy police warn of Skype threat
Criminals in Italy are increasingly making phone calls over the internet in order to avoid getting caught through mobile phone intercepts, police say.
Officers in Milan say organised crime, arms and drugs traffickers, and prostitution rings are turning to Skype in order to frustrate investigators.
The police say Skype's encryption system is a secret which the company refuses to share with the authorities.
Investigators have become increasingly reliant on wiretaps in recent years.
Customs and tax police in Milan have highlighted the Skype issue.
They overheard a suspected cocaine trafficker telling an accomplice to switch to Skype in order to get details of a 2kg (4.4lb) drug consignment.
The Pirate Bay in the dock as filesharing trial begins
One of the most high-profile trials over copyright infringement in years began today in Sweden. Four men behind The Pirate Bay website – which enables people to find others willing to share audio, video, games and other files with them – appeared in court in Stockholm to answer the charge that they had assisted in copyright infringement.
The film, music and games industries are saying that the defendants not only encouraged copyright infringement but also profited from it, while the defendants argue that they hosted no shared files and therefore are not responsible for infringement.
The Pirate Bay is a "torrent" tracker, which uses the peer-to-peer file sharing technology called BitTorrent. Trackers don't host the music, video or software files themselves, but allow users to search for and download "torrent" files. Those in turn allow users to find other people who have the file they want, and to share the files amongst themselves. Each BitTorrent user with a copy of the file contributes a piece to others who are downloading it.
Hackers: BitDefender site exposes private data
Romanian hackers have discovered a security flaw in the website of anti-virus provider BitDefender. They said it was the second time in a week the company has inadvertently exposed a database that is supposed to remain private.
According to an item posted to HackersBlog, BitDefender's main website can be tricked into disclosing database contents by embedding commands into the BitDefender.com URL.
"This parameter gives access to the DB," a hacker by the name of Unu reported. "I will not publish too much now as I am waiting for the problem to be solved."
Unu went on to say he had reported the vulnerability to the site's webmaster but had received no reply. "Therefore, knowing they read our articles, I will let them know here that they have a vulnerable parameter," he wrote.
A BitDefender spokesman confirmed the site had an unchecked parameter that was fixed on Saturday. But he denied the flaw exposed any private information or resulted in an SQL injection.
Friday, February 13, 2009
Microsoft bounty for worm creator
A reward of $250,000 (£172,000) has been offered by Microsoft to find who is behind the Downadup/Conficker virus.
Since it started circulating in October 2008 the Conficker worm has managed to infect millions of computers worldwide.
The software giant is offering the cash reward because it views the Conficker worm as a criminal attack.
"People who write this malware have to be held accountable," said George Stathakopulos, of Microsoft's Trustworthy Computing Group.
He told BBC News the company was "not prepared to sit back and let this kind of activity go unchecked".
"Our message is very clear - whoever wrote this caused significant pain to our customers and we are sending a message that we will do everything we can to help with your arrest," said Mr Stathakopulos.
Arbor Networks said as many as 12 million computers could be affected globally by Conficker/Downadup since it began prowling the web looking for vulnerable machines to infect in October.
Wednesday, February 11, 2009
ITU and European Commission Mark Safer Internet Day
ITU and the European Commission have joined forces to mark Safer Internet Day. This year, the focus is on protecting children online. Children are among the most active — and most vulnerable — participants online.
According to recent surveys, over 60 per cent of children and teenagers talk in chat rooms on a daily basis. Three in four children online are willing to share personal information about themselves and their family in exchange for goods and services. One in five children will be targeted by a predator or paedophile each year. Protecting children in cyberspace is, therefore, clearly our duty.
"Children are very resourceful in making the most of online services such as social networking sites and mobile phones," said Viviane Reding, European Commissioner for Information Society and Media. "But many still underestimate the hidden risks of using these, from cyber-bullying to sexual grooming online. Today, I call upon all decision-makers, from both the public and the private sector, to listen and learn from children and to improve awareness strategies and tools to protect minors." Ms Reding added: "The Internet binds the whole world together. The safety of children who use it is a concern for everyone. I am therefore very happy that ITU is associated with us in doing this, today on Safer Internet Day, and all year round."
"Child online safety must be on the global agenda," said ITU Secretary-General Hamadoun Touré. "We must ensure that everyone is aware of the dangers for children online. And we want to promote and strengthen the many outstanding efforts that are being made around the world, such as the Safer Internet Programme, to limit these dangers."
This year, the 6th edition of Safer Internet Day includes more than 500 events in 50 countries worldwide. ITU and the European Commission will collaborate on this and future events, such as World Telecommunication and Information Society Day, 17 May 2009, which is dedicated to "Protecting Children in Cyberspace". The European Commission’s Directorate General for Information Society and Media has declared its full support for ITU’s Child Online Protection (COP) Initiative.
Tuesday, February 10, 2009
Teens targeted in net safety push
Half of Europe's teenagers browse the web with no parental oversight or supervision, a survey suggests.
The research into the web habits of 20,000 14 to 19-year-olds across Europe found that 51% enjoy unfettered access to any and every website.
The MSN research also found that 29% of the teenagers it quizzed have suffered bullying while using the web.
It comes as the EU marks Safer Internet Day with pledges from 17 social sites to do more to protect younger users.
"We were surprised that it's over 50% without any parental control," said John Mangelaars, head of Microsoft's consumer and online divisions in Europe.
Thursday, February 05, 2009
'Spam-friendly' domain registrars named and shamed
The vast majority of spam (83 per cent) is linked to sites established through ten domain name registrars, according to a new study. An analysis of junk mail messages by anti-spam firm Knujon ("no junk" spelled backwards) found that while there are 900 accredited domain name registrars, spammers register their spamvertised domains through only a tiny sample. Knujon's study names and shames the registrars who are contributing (unwittingly or not) to the junk mail problem.
- XinNet Cyber Information Company Limited
- Network Solutions
- Planet Online
- Regtime Ltd.
- OnlineNIC Inc.
- Spot Domain LLC
- Wild West Domains
- Hichina Web Solutions
Parking ticket leads to a virus
Hackers have discovered a new way of duping users onto fraudulent websites: fake parking tickets.
Cars in the US had traffic violation tickets placed on the windscreen, which then directed users to a website. The website claimed to have photos of the alleged parking violation, but then tricked users into downloading a virus. Anti-virus firm McAfee says the Vundo Trojan then gets users to install a fake anti-virus scanner. Vehicles in Grand Forks, North Dakota were the targets for this new type of fraud. Drivers found the following message on the yellow ticket on their windscreen: "PARKING VIOLATION This vehicle is in violation of standard parking regulations". The ticket then instructed drivers to visit a website, where drivers could "view pictures with information about your parking preferences".
Monday, February 02, 2009
Passport RFIDs cloned wholesale by $250 eBay auction spree
Using inexpensive off-the-shelf components, an information security expert has built a mobile platform that can clone large numbers of the unique electronic identifiers used in US passport cards and next generation drivers licenses.
The $250 proof-of-concept device - which researcher Chris Paget built in his spare time - operates out of his vehicle and contains everything needed to sniff and then clone RFID, or radio frequency identification, tags. During a recent 20-minute drive in downtown San Francisco, it successfully copied the RFID tags of two passport cards without the knowledge of their owners.
'Human error' hits Google search
Google's search service has been hit by technical problems, with users unable to access search results.
For a period on Saturday, all search results were flagged as potentially harmful, with users warned that the site "may harm your computer".
Users who clicked on their preferred search result were advised to pick another one.
Google attributed the fault to human error and said most users were affected for about 40 minutes.
Cyber crime tool kits go on sale
Malicious hackers are producing easy to use tools that automate attacks to cash in on a boom in hi-tech crime.
On sale, say security experts, are everything from individual viruses to comprehensive kits that let budding cyber thieves craft their own attacks.
The top hacking tools are being offered for prices ranging up to £500.
Some of the most expensive tools are sold with 12 months of technical support that ensures they stay armed with the latest vulnerabilities.
"They are starting to pop up left and right," said Tim Eades from security company Sana, of the sites offering downloadable hacking tools. "It's the classic verticalisation of a market as it starts to mature."
Malicious hackers had evolved over the last few years, he said, and were now selling the tools they used to use to the growing numbers of fledgling cyber thieves.
Cybercrime threat rising sharply
The threat of cybercrime is rising sharply, experts have warned at the World Economic Forum in Davos.
They called for a new system to tackle well-organised gangs of cybercriminals.
Online theft costs $1 trillion a year, the number of attacks is rising sharply and too many people do not know how to protect themselves, they said.
The internet was vulnerable, they said, but as it was now part of society's central nervous system, attacks could threaten whole economies.
The past year had seen "more vulnerabilities, more cybercrime, more malicious software than ever before", more than had been seen in the past five years combined, one of the experts reported.
Thursday, January 29, 2009
Why conventional protection fails against web threats
Web threats: Why conventional protection doesn't work
This white paper from Trend Micro describes web threats, how they function, and their impacts. The paper argues that conventional security practices cannot cope with today's "blended techniques, an explosion of variants, and targeted regional attacks often based on social engineering to defraud users".
DDoS attack boots Kyrgyzstan from net
The central Asian republic of Kyrgyzstan was effectively knocked offline for more than a week by a Russian cybermilitia that continues to flood the country's internet providers with crippling data attacks, a security expert said.
The attacks, which began on January 18, bear the signature of pro-Russian nationalists believed to have launched similar cyber assaults on the republic of Georgia in August, said Don Jackson, a researcher with Atlanta-based security provider SecureWorks. The attacks on Kyrgyzstan were so potent that most net traffic in and out of the country was completely blocked during the first seven days.
Wednesday, January 28, 2009
Judges grant McKinnon extradition review
Judges have granted a review of the Home Secretary's decision to continue with extradition proceedings against Pentagon hacker Gary McKinnon.
The decision - by Lord Justice Maurice Key and Mr Justice Simon - places a judicial block on attempts to haul McKinnon over to the US on hacking offences, irrespective of whether UK prosecutors decide to press charges in Britain. In a statement issued on Friday, McKinnon's lawyers Kaim Todner welcomed the decision, pointing out that even though McKinnon took his appeal against extradition all the way up to the House of Lords, no court has considered the impact of extradition in light of McKinnon's recent diagnosis with Asperger's syndrome.
Since his diagnosis, autism experts have expressed concern over whether the 43-year-old could handle extradition, let alone the likelihood of trial and imprisonment in the US. It's unclear whether the Home Office has obtained promises that McKinnon would be immediately repatriated to the UK after any prospective US trial, assurance obtained at the last minute in the case of the NatWest Three, who were extradited to the US in 2006.
Spammers target Twitter
After undermining the usefulness of email, turning newsgroups into a forum for promoting sex sites and filling blog comment sections with adverts for penis pills and get rich quick schemes, spammers have set their sights on a new target - Twitter.
Richard Stiennon of ThreatChaos.com has published an analysis explaining how spammers are lining up to exploit the popular micro-blogging service as a medium for junk mail messages.
An application called TweetTornado takes advantage of the fact most Twitter users permit followers to join their feeds without permission. The application creates a large number of bogus Twitter IDs, each following a large number of users, before posting Tweets with links from a text file.
ICANN freezes over fast flux fury
The non-profit group that oversees the internet's address system is seeking the public's help in deciding what to do about the growing use of a technology known as fast flux, which is used by cybercriminals to thwart take-down efforts, but which can also be used for legitimate purposes.
The Internet Corporation for Assigned Names and Numbers (ICANN) opened a 20-day comment period on Monday, the same day its Working Group on Fast Flux issued a report saying, essentially, that its members are deadlocked on key questions about how to proceed.
"Some members of the Working Group provided reasons as to why policy development to address fast flux is outside the scope of ICANN's remit, while others disagreed," the interim report (PDF) stated. "Gaining a common appreciation and broad understanding of the motivations behind the employment of fast flux or adaptive networking techniques proved to be a particularly thorny problem for the WG."
Microsoft boasts 'out of box' IE8 clickjack protection
Microsoft has beefed up its latest Internet Explorer browser with an "out of the box" feature that it says will protect users against a serious class of attacks that allows maliciously controlled websites to manipulate the links visitors click on.
The new measure, baked into Redmond's first release candidate for IE8, blocks so-called clickjacking attacks, a threat that security researchers warn plagues users of every major browser.
Once lured to a malicious address, a user may think she's clicking on a link that leads to Google - when in fact it takes her to a money transfer page, a banner ad that's part of a click-fraud scheme, or any other destination the attacker chooses. Because it exploits architectural flaws in the internet's core, clickjacking has proved an extremely vexing problem to fix.
UK will not legislate on piracy
The UK's Intellectual Property minister David Lammy has said the government will not force internet service providers to pursue file sharers.
There had been mounting speculation about government legislation on the issue as the music industry steps up its fight against the pirates.
Other countries, such as France, have supported tough action on file-sharers, who cost the industry millions.
But Mr Lammy said legislation would be too complex.
"We can't have a system where we're talking about arresting teenagers in their bedrooms," he told The Times newspaper.
Talk of the government forcing internet service providers to evict file-sharers from their networks grew last year as the British Phonographic Industry adopted a tougher stance.
Tuesday, January 27, 2009
Job website hit by major breach
Hackers are believed to have stolen the personal details of millions of people using the online job site Monster.
Users around the world have been affected, including the 4.5 million users of the UK site.
If all are affected it would make it the biggest data theft in the UK since the details of 25 million child benefit claimants went missing last year.
The recruitment giant has advised people to change their passwords and be on the lookout for phishing e-mails.
Recruitment sites have proved rich pickings for criminally-minded hackers in the past and it is not the first time Monster has fallen foul of cyber thieves.
In 2007, 1.3 million details were downloaded to servers based in Ukraine.
Google publishes "Browser Security Handbook"
This handbook is meant to provide web application developers, browser engineers, and information security researchers with a one-stop reference to key security properties of contemporary web browsers. Insufficient understanding of these often poorly-documented characteristics is a major contributing factor to the prevalence of several classes of security vulnerabilities.
Available at http://code.google.com/p/browsersec/wiki/Main
Friday, January 23, 2009
White House plans open government
Searching for data about the Obama administration should get easier as the Whitehouse.gov website gets overhauled.
Mr Obama's new media team is letting search engines index almost everything on the site. By contrast, after eight years of government the Bush administration was stopping huge swathes of data from being searchable. The move is part of President Obama's larger push to make the US government more open and transparent.
Many websites limit what search engines can index by use of what is known as a robots.txt file. The robots.txt file the Bush administration set up for Whitehouse.gov ran to almost 2377 lines and limited the way search engines could log the data found on the site. On the first day of the Obama administration the robots.txt file shrank to two lines allowing, for the moment, search sites to index everything it contains. The new media team also created a Whitehouse.gov blog that will act as an informal record of events, speeches and decisions.
Wednesday, January 21, 2009
Windows virus infects 9m computers
The number of Windows computers infected with the new "downadup" worm – also known as "Conficker" and "Kido" – has exploded to almost 9 million worldwide, from roughly 2.4m last Thursday, according to the computer security company F-Secure.
The growth in the number of infected machines – which the company's researchers called "just amazing" – makes it one of the worst malware outbreaks of the past five years. The principal targets are corporate Windows servers belonging to small businesses who have not installed security updates released by Microsoft last October. F-Secure estimates that a third of all potentially vulnerable systems have not had the update.
Conficker seizes city's hospital network
Staff at hospitals across Sheffield are battling a major computer worm outbreak after managers turned off Windows security updates for all 8,000 PCs on the vital network, The Register has learned.
It's been confirmed that more than 800 computers have been infected with self-replicating Conficker code. Insiders at Sheffield Teaching Hospitals Trust said they suspect many more machines are affected but have not been reported to IT.
The Trust told The Register it now has the outbreak under control and is engaged in "clearing up" remnants. Non-urgent appointments in the medical imaging department had to be cancelled while its computers were disinfected. A Trust spokeswoman said no other direct impact on patient care was known.
US credit card payment house breached by sniffing malware
Heartland Payment Systems - a payments processor that serves more than 250,000 US businesses - warned consumers Tuesday that their card data may have been compromised following a security breach of the company's payment system.
The Princeton, New Jersey firm said forensic investigators discovered malicious software on its computer network last week. Executives urged cardholders to closely examine their monthly credit and debit card statements and report any unauthorized charges to the issuers.
New OS X research warns of stealthier Mac attacks
A computer security researcher has discovered a new way to inject hostile code directly into the memory of machines running Apple's OS X operating system, a technique that makes it significantly harder for investigators to detect Mac attacks using today's forensics practices.
The technique, which Italian researcher Vincenzo Iozzo plans to detail at the Black Hat security conference in Washington next month, makes it possible to carry out stealthy Mac attacks that until now have not been possible. The in-memory injection approach allows unauthorized software to be installed on a Mac without leaving traces of the attack code or other tell-tale signs that the machine has been compromised.
Friday, January 16, 2009
Prolific worm infects 3.5m Windows PCs
A prolific new worm has spread to infect more than 3.5m Windows PCs, according to net security firm F-Secure. The success of the Conficker (AKA Downadup) worm is explained by its use of multiple attack vectors and new social engineering ruses, designed to hoodwink the unwary into getting infected.
The worm uses a complex algorithm to develop a changing daily list of domains which infected machines attempt to establish contact with. Hackers need only register one of these possible names to establish contact with the botnet established by Conficker. The tactic is designed to frustrate attempts by security watchers to dismantle the command and control network associated with compromised machines.
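The daily rendezvous scheme described above cuts both ways: once the algorithm is known, defenders can precompute each day's candidate names and flag hosts that look them up. The sketch below is an added example, not Conficker's actual algorithm (which this page does not give) and not code from the original article. The hash construction, seed, reserved TLDs, per-day count, log format and log lines are all constructed assumptions.

```python
import hashlib
from datetime import date, timedelta

# Constructed parameters for a TOY generator; none come from real malware.
TOY_SEED = b"example-seed"
TOY_TLDS = ("example", "test", "invalid")  # reserved TLDs, never resolvable
DOMAINS_PER_DAY = 50                       # assumed count, for illustration


def candidate_domains(day, count=DOMAINS_PER_DAY):
    """Return the deterministic candidate list for one calendar day."""
    names = []
    for i in range(count):
        material = TOY_SEED + day.isoformat().encode() + i.to_bytes(2, "big")
        digest = hashlib.sha256(material).digest()
        length = 8 + digest[0] % 5  # label length 8..12
        label = "".join(chr(ord("a") + b % 26) for b in digest[1:1 + length])
        tld = TOY_TLDS[digest[31] % len(TOY_TLDS)]
        names.append(f"{label}.{tld}")
    return names


def build_watchlist(today, skew_days=1):
    """Map each candidate for today +/- skew_days to the day generating it.

    Infected hosts with a wrong clock walk a neighbouring day's list, so the
    watchlist covers a small window rather than a single date.
    """
    watch = {}
    for offset in range(-skew_days, skew_days + 1):
        day = today + timedelta(days=offset)
        for name in candidate_domains(day):
            watch.setdefault(name, day)
    return watch


def parse_query(line):
    """Parse 'timestamp client_ip qtype qname' (constructed log format)."""
    parts = line.split()
    if len(parts) != 4:
        return None  # skip malformed lines instead of failing the scan
    _ts, client, _qtype, qname = parts
    return client, qname.rstrip(".").lower()  # DNS names are case-insensitive


def flag_clients(log_lines, today, min_hits=2):
    """Return {client_ip: sorted watchlisted names} for likely-infected hosts.

    A single hit may be a researcher or a typo; a host walking the list
    produces several distinct hits, so min_hits filters the noise.
    """
    watch = build_watchlist(today)
    hits = {}
    for line in log_lines:
        parsed = parse_query(line)
        if parsed is None:
            continue
        client, qname = parsed
        if qname in watch:
            hits.setdefault(client, set()).add(qname)
    return {c: sorted(n) for c, n in hits.items() if len(n) >= min_hits}


def sample_log(today):
    """Constructed DNS query log: one host walking the list, one benign host."""
    todays = candidate_domains(today)
    yesterdays = candidate_domains(today - timedelta(days=1))
    stamp = today.isoformat()
    return [
        f"{stamp}T08:01:12Z 10.0.0.23 A {todays[0]}",
        f"{stamp}T08:01:13Z 10.0.0.23 A {todays[1].upper()}.",
        f"{stamp}T08:01:15Z 10.0.0.23 A {yesterdays[7]}",  # clock a day behind
        f"{stamp}T08:02:40Z 10.0.0.41 A www.example.org",
        f"{stamp}T08:03:02Z 10.0.0.41 A {todays[2]}",      # one hit: below threshold
        "malformed line",
    ]


if __name__ == "__main__":
    day = date(2009, 1, 16)
    for client, names in flag_clients(sample_log(day), day).items():
        print(client, names)
```

The same precomputed list can feed a DNS blocklist or sinkhole; the asymmetry noted above remains, since the operator needs one registered name while the defender has to cover every candidate.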
419ers take Canadian for $150,000
A Canadian man who fell for a 419 scam was taken for $150,000 by advance fee fraudsters who conducted a textbook operation to fleece their victim.
John Rempel of Leamington, Ontario, got an email back in 2007 from "someone claiming to be a lawyer with a client named David Rempel who died in a 2005 bomb attack in London", the Windsor Star reports. The email claimed the "deceased" had left $12.8m, and since he had no family "wanted to leave the money to a Rempel".
Child porn in the age of teenage 'sexting'
An international child pornography ring that traded more than 400,000 illegal images and videos - some depicting pre-pubescent children in sexual and sadistic acts - is the kind of heinous behavior that makes you glad there are strict laws against such things. Seven US men were convicted of the crime on Wednesday.
Then there are the miscarriages of such laws, like the charging this week of six Pennsylvania teens alleged to have sent and received nude or semi-nude pictures of themselves on cell phones. It's the kind of case overzealous prosecutors have begun bringing with alarming frequency over the past year or two.
There's a stark difference between the two sorts of crimes. The first represent the almost unspeakable depravity of adult monsters who prey on the utterly defenseless. The latter threaten to brand individuals who have yet to reach the age of 18 as sex offenders for indiscretions that are largely victimless. [Source: The Register]
Next-gen botnet armies fill spam void
The demise late last year of four of the world's biggest spam botnets was good news for anyone with an email inbox, as spam levels were cut in half - almost overnight. But the vacuum has created opportunities for a new breed of bots, some of which could be much tougher to bring down, several security experts are warning.
New botnets with names like Waledac and Xarvester are filling the void left by the dismantling of Storm and the impairment of Bobax, Rustock, and Srizbi, these researchers say. The new breed of botnets - massive networks of infected Windows machines that spammers use to blast out billions of junk messages - sport some new designs that may make them more immune to current take-down tactics.
Waledac is a good example. It appears to be a complete revision of Storm, that includes the same state-of-the-art peer-to-peer technology and fast-flux hosting found in its predecessor, according to researcher Joe Stewart of Atlanta-based security provider SecureWorks. But it differs from Storm in one significant way: Weak encryption protocols, which proved to be an Achilles Heel that led to its downfall, have been completely revamped.
Wednesday, January 14, 2009
School's links to porn site end
A school in Ipswich has finally got the internet domain of its own name after a three-year battle.
Instead of directing people to the school, the site has been directing users to online dating which then link to sites advertising "Mature Sex."
Framlingham College first tried to get the site at www.framlinghamcollege.co.uk shut in 2005, but was unsuccessful.
The domain registry Nominet has now ruled in the school's favour on appeal.
Gaza crisis spills onto the web
A propaganda war is being waged on the internet between supporters of the Israeli and Palestinian sides in the current conflict in the Gaza Strip.
Activists have turned to defacing websites, taking over computers, and shutting down Facebook groups.
US Military sites, Nato, and an Israeli Bank have all been targeted.
Experts have warned users to be on the lookout for phishing emails and webmasters to ensure their servers are secure.
The hacking of security barriers for political or ideological reasons has been branded by some as hacktivism. And it is thought that as use of the internet grows, so too will the number of attacks.
On 7 January, pro-Palestinian hackers defaced several high-profile websites, including a US Army website, and the Nato Parliamentary Assembly's website.
Calling themselves "Agd_Scorp/Peace Crew", they replaced pages with white space and a well-known photograph of a boy throwing stones at an Israeli tank in Gaza, and the Israeli, American and British flags with a red strike through them.
"Stop attacks u israel and usa ! you cursed nations ! one day muslims will clean the world from you!" wrote the hackers.
Dwight Griswold, the Nato Parliamentary Assembly's head of IT, says that the attackers persisted in attempting access for a number of days following the initial attack, adding that the intruders did not gain access to any of the Assembly's internal servers.
The battle also looms large on social networking site Facebook, where dozens of groups related to the conflict in Gaza have sprung up.
The clash flared up when a group using the logo of the Jewish Internet Defence Force (JIDF) took control of several of these groups.
They removed content and replaced it with statements supporting Israeli policy and criticising the Palestinian militant group Hamas, which controls Gaza, and replaced the groups' images with the JIDF logo.
Monday, December 22, 2008
New guidelines boost web access
The World Wide Web Consortium (W3C) has announced a new standard to make sites more accessible to older and disabled people.
Version 2.0 of the Web Content Accessibility Guidelines (WCAG) will apply to text, images, audio and video.
It also covers web applications and is said to give developers more flexibility than the old guidelines.
According to the consortium, WCAG 2.0 should also be easier to understand and use.
The guidance is designed to address barriers encountered by people with visual, hearing, physical, cognitive and neurological disabilities and older people with access needs.
Thursday, December 18, 2008
Nine in ten emails now spam
Nine in ten emails are now spam with an estimated 200bn junk mail messages a day clogging up the internet, according to a new report by networking and security giant Cisco.
Drive-by download attacks - planting redirection scripts on legitimate sites that lead onto hacker controlled websites full of exploits - have become a popular method for spreading all forms of malware, including botnet clients that turn PCs into spam-churning zombies.
The US is the single biggest source of spam, accounting for 17.2 per cent of junk mail. Other big offenders include Turkey (9.2 per cent), Russia (8 per cent), Canada (4.7 per cent), Brazil (4.1 per cent), India (3.5 per cent), South Korea (3.3 per cent), Germany and the UK (2.9 per cent each).
The latest 2008 edition of Cisco's annual security report notes a 90 percent growth in threats stemming from legitimate domains, nearly double that recorded in 2007. Numerous mainstream websites were loaded with iFrames, malicious scripts that redirect visitors to malware-downloading sites.
Microsoft issues emergency IE patch as attacks escalate
Microsoft has issued a rare emergency update for its Internet Explorer browser as miscreants stepped up attacks targeting a vulnerability on hundreds of thousands of webpages.
In many cases, the websites distributing the toxic payload are legitimate destinations that have been commandeered, allowing an attacker to snare victims as they surf to online banks, forums, and other trusted sites. There are at least six distinct versions of attack code circulating in the wild, according to researchers at iDefense, a security lab owned by VeriSign.
A web search showed 233,000 pages containing the string ardoshanghai.com/s.js, just one of many web addresses exploiting a weakness in the way IE's data-binding function works. Most of the attacks silently install keylogging software as soon as a victim surfs to a site carrying the exploit. Once installed, the software steals login credentials for online games.
"The vulnerability is so juicy that we expect it to show up in tool kits fairly shortly," said Rick Howard, intelligence director of iDefense.
The patch was released eight days after reports began circulating that websites were targeting a vulnerability in fully patched versions of IE. This is only the second time in 18 months that Microsoft has issued an unscheduled update. Typically, patches are available on the second Tuesday of each month to allow system administrators time for planning.
Wednesday, December 17, 2008
Discussion on cybersecurity at the Erice Prize Award in Rome, held at the Pontifical Academy of Sciences
Vatican, 17 December 2008: On the occasion of the Erice Prize Award in Rome, world-renowned scientists discuss global cybersecurity perspectives, their legal challenges and the threat of cyberwar. ITU Secretary-General Dr Hamadoun I. Touré speaks on cyber conflict and cyber defence in the framework of ITU's Global Cybersecurity Agenda and sends an invitation to the global negotiating table.
Tuesday, December 16, 2008
Legal papers served via Facebook
An Australian couple have been served with legal documents via the popular social networking site Facebook.
Mark McCormack, a lawyer in Canberra, persuaded a court to allow him to use the unusual method after other attempts to reach them failed. The couple's home is being repossessed after they reportedly missed payments on a loan of over A$100,000 ($67,000; £44,000). It is believed to be the first time Facebook has been used in this way.
Mr McCormack says he resorted to Facebook to trace the couple after unsuccessful attempts to contact them at their home address and via email, and they failed to attend a court appearance on 3 October. He found the woman's page, and used details listed there such as her date of birth to argue in the Australian Capital Territory Supreme Court that she was the person in question. Her partner was listed as one of her "friends".
In granting permission to use the social networking site, the judge stipulated that the papers be sent via a private email so that other people visiting the page could not read their contents. "It's somewhat novel, however we do see it as a valid method of bringing the matter to the attention of a defendant," Mr McCormack said.
Friday, December 12, 2008
Net firms rebuff filtering plan
Australian government plans to filter net use have been rebuffed by local internet service providers (ISPs).
Telstra, Australia's largest ISP, has said it will not join trials of the filters and others say they will only back a scaled-down system. The government wants to filter all net traffic and block access to 10,000 sites deemed to hold illegal content. The initial trials of the filtering technology were due to take place before Christmas.
Australian newspaper The Age reports that both Telstra and Internode have declared they will not participate in the trials. iiNet said it wanted to take part to show that the filters do not work and Optus would only work with a scaled back plan. The plan to set up mandatory filters followed research by the Australian Communications and Media Authority which found that existing filters did a poor job of blocking illegal content. Responding to the rebuff by ISPs, Australia's communications minister Stephen Conroy said the initial trials would not be "closed" and involve no actual customers.
US shuts down 'scareware' sellers
The US government has moved to shut down sellers of fake security software.
The Federal Trade Commission (FTC) has won a restraining order that stops several sellers of "scareware" from continuing to trade. Millions of people are thought to have been caught out by the software which, once installed, issues false alerts about viruses and illegal porn. The FTC is pursuing further legal action to win a permanent ban on those peddling the scareware.
Court papers submitted by the FTC show that the peddlers of the fake security software tricked websites into advertising their products. The companies behind the fake security software won customers via adverts on many popular websites. Anyone clicking on an advert was taken to the webpages run by the fake security firms which then ran a "scan" looking for security problems.
Thursday, December 11, 2008
Men charged for global porn links
Australian police have charged at least 19 men with being part of a global child pornography network involving people in 70 countries.
The investigation was prompted by a tip-off from Brazilian police. The men who have been charged include a police officer, a senior lawyer and a childcare worker. Some 500,000 images of child abuse and 15,000 videos were seized, and the Australian Federal Police said more arrests were expected later this week. Some of the seized videos showed victims as young as 12 months old, while others showed children being abused for more than two hours. "These are some of the worst images, I must say, that the Federal Police have ever seen," Australian Federal Police Deputy Commissioner Andrew Colvin told reporters. The Australians said that information supplied by Brazil to the international policing network, Interpol, had helped identify more than 200 suspects in 70 countries. [Source: BBC News]
Tuesday, December 09, 2008
Facebook worm hijacks web search
A new variant of the Koobface worm has returned to menace users of Facebook. As before, the malware generates messages to friends of infected users on the social networking website. These messages direct the unwary into visiting websites that supposedly offer video clips. Would-be marks are told they need the latest copy of Adobe Flash to view this content and are prompted to download a file, which actually contains the worm's payload.
If the code executes on a vulnerable Windows PC the user gets infected. The worm's lifecycle then begins anew, ready to target their Facebook friends too. The malware was first spotted in late July.
21 million German bank accounts - yours for only €12m
Identity thieves who claim they stole details of 21 million German bank accounts are offering to sell the data on the black market for €12 million (US$15.3 million), a German magazine reported over the weekend.
To prove they weren't bluffing, the crooks produced the compact disc containing the names, addresses, phone numbers, birthdays, account numbers, and bank routing numbers of 1.2 million accounts. Two investigative reporters for WirtschaftsWoche say they obtained the CD during a face-to-face meeting at a hotel in Hamburg with two individuals involved with the theft. The journalists were posing as interested buyers working for a gambling operation.
"We took away with us the first delivery, a CD with 1.2 million accounts, that we couldn't imagine," said one of the editors overseeing the investigation. "In the worst case, three out of four German households would have to be afraid that some money could be taken from their checking account without their authorisation, and perhaps even without their realising it," the magazine stated.
Monday, December 08, 2008
New trojan in mass DNS hijack
Researchers have identified a new trojan that can tamper with a wide array of devices on a local network, an exploit that sends them to impostor websites even if they are hardened machines that are fully patched or run non-Windows operating systems.
The malware is a new variant of the DNSChanger, a trojan that has long been known to change the domain name system settings of PCs and Macs alike. According to researchers with anti-virus provider McAfee's Avert Labs, the update allows a single infected machine to pollute the DNS settings of potentially hundreds of other devices running on the same local area network by undermining its dynamic host configuration protocol, or DHCP, which dynamically allocates IP addresses.
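A defender can watch for the behaviour described above by inspecting DHCP replies on the LAN and checking who sent them and which resolvers they hand out. The following is an added example, not code from McAfee or from the original article; the allowlists, addresses and sample packets are constructed assumptions, and the input is assumed to be the UDP payload of captured port 67/68 traffic.

```python
"""Flag DHCP replies that hand out unapproved DNS resolvers (monitoring check)."""
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_PAD, OPT_DNS, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 6, 53, 54, 255
DHCPOFFER, DHCPACK = 2, 5

# Assumed site policy; all addresses are constructed (documentation ranges).
AUTHORIZED_DHCP = {"192.0.2.1"}
APPROVED_DNS = {"192.0.2.53", "192.0.2.54"}


def ip_list(data: bytes) -> list:
    """Decode an option body holding packed IPv4 addresses."""
    if len(data) % 4:
        raise ValueError("address option length is not a multiple of 4")
    return [str(ipaddress.IPv4Address(data[i:i + 4])) for i in range(0, len(data), 4)]


def parse_dhcp(payload: bytes) -> dict:
    """Parse a BOOTP/DHCP UDP payload into the fields the check needs."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    hlen = min(payload[2], 16)
    opts, i = {}, 240
    while i < len(payload) and payload[i] != OPT_END:
        code = payload[i]
        if code == OPT_PAD:              # pad is a single byte with no length
            i += 1
            continue
        if i + 2 > len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        data = payload[i + 2:i + 2 + length]
        if len(data) != length:
            raise ValueError("truncated option data")
        opts[code] = opts.get(code, b"") + data   # repeated options concatenate
        i += 2 + length
    server_id = opts.get(OPT_SERVER_ID, b"")
    return {
        "op": payload[0],                               # 1 = request, 2 = reply
        "client_mac": payload[28:28 + hlen].hex(":"),
        "msg_type": (opts.get(OPT_MSG_TYPE) or b"\x00")[0],
        "server_id": ip_list(server_id)[0] if len(server_id) == 4 else None,
        "dns": ip_list(opts.get(OPT_DNS, b"")),
    }


def audit(payload: bytes) -> list:
    """Return findings for one captured DHCP payload (empty list = clean)."""
    msg = parse_dhcp(payload)
    if msg["op"] != 2 or msg["msg_type"] not in (DHCPOFFER, DHCPACK):
        return []
    findings = []
    if msg["server_id"] not in AUTHORIZED_DHCP:
        findings.append(f"unauthorized DHCP server {msg['server_id']}")
    # The server identifier is sender-supplied and can be forged, so the
    # resolver list is checked independently of who claims to have sent it.
    for ip in msg["dns"]:
        if ip not in APPROVED_DNS:
            findings.append(
                f"unapproved DNS resolver {ip} offered to {msg['client_mac']}")
    return findings


def build_reply(msg_type, server_id, dns, mac="02:00:00:aa:bb:cc") -> bytes:
    """Construct a sample server reply (test data only, not a capture)."""
    def pack(ip):
        return ipaddress.IPv4Address(ip).packed
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234ABCD, 0, 0,
        b"", pack("192.0.2.100"), pack(server_id), b"",
        bytes.fromhex(mac.replace(":", "")), b"", b"")
    dns_bytes = b"".join(pack(ip) for ip in dns)
    options = (bytes([OPT_MSG_TYPE, 1, msg_type])
               + bytes([OPT_SERVER_ID, 4]) + pack(server_id)
               + bytes([OPT_DNS, len(dns_bytes)]) + dns_bytes
               + bytes([OPT_END]))
    return header + MAGIC_COOKIE + options


# Constructed samples: a normal lease, a reply from another host on the LAN,
# and a reply that claims the real server's identity but carries other DNS.
LEGIT_ACK = build_reply(DHCPACK, "192.0.2.1", ["192.0.2.53", "192.0.2.54"])
ROGUE_OFFER = build_reply(DHCPOFFER, "192.0.2.77", ["203.0.113.10", "203.0.113.11"])
FORGED_ID = build_reply(DHCPACK, "192.0.2.1", ["203.0.113.10"])

if __name__ == "__main__":
    for name, pkt in [("legit", LEGIT_ACK), ("rogue", ROGUE_OFFER),
                      ("forged-id", FORGED_ID)]:
        print(name, audit(pkt) or "ok")
```

On switched networks the same policy is usually enforced in the infrastructure with DHCP snooping, which drops server replies arriving on untrusted ports; a passive check like this one covers segments where that is not available.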
"Systems that are not infected with the malware can still have the payload of communicating with the rogue DNS servers delivered to them," McAfee's Craig Schmugar writes here of the new variant. "This is achieved without exploiting any security vulnerability."
Brit ISPs censor Wikipedia over 'child porn' album cover
Six British ISPs are filtering access to Wikipedia after the site was added to an Internet Watch Foundation child-pornography blacklist, according to Wikipedia administrators.
As of Sunday morning UK time, certain British web surfers were unable to view at least one Wikipedia article tagged with ostensible child porn. And, in a roundabout way, the filtering has resulted in Wikipedia admins banning large swaths of the United Kingdom from editing the "free encyclopedia anyone can edit."
On Friday, Wikipedia administrators noticed that Virgin Media, Be Unlimited/O2/Telefonica, EasyNet/UK Online, PlusNet, Demon, and Opal were routing Wikipedia traffic through a small number of transparent proxy servers as a way of blocking access to the encyclopedia's article on Virgin Killer, a mid-1970s record album from German heavy band Scorpions.
As it stands, the article includes an image of the album's original cover, which depicts a naked prepubescent girl. The cover was banned in many countries and replaced by another when the album made its 1976 debut. And apparently, the image is now on a blacklist compiled by the Internet Watch Foundation, a government-backed organization charged with fighting online child pornography in the UK and Europe. [Source: The Register]
Monday, December 01, 2008
EU to search out cyber criminals
Remote searches of suspect computers will form part of an EU plan to tackle hi-tech crime.
The five-year action plan will take steps to combat the growth in cyber theft and the machines used to spread spam and other malicious programs.
It will also encourage better sharing of data among European police forces to track down and prosecute criminals.
Europol will co-ordinate the investigative work and also issue alerts about cyber crime sprees.
The five-year plan won the backing of the EU ministers at a meeting which also granted 300,000 euros (£250,000) to Europol to create the system to pool crime reports and issue alerts about emerging threats.
The ministerial meeting also backed the anti-cyber crime strategy that will see the creation of cross-border investigation teams and sanction the use of virtual patrols to police some areas of the net.
Other "practical measures" include encouraging better sharing of information between police forces in member nations and private companies on investigative methods and trends.
In particular the strategy aims to tackle the trade in images of children being sexually abused. In a statement outlining the strategy the EU claimed "half of all internet crime involves the production, distribution and sale of child pornography".
Forces will also take part in "remote searches" and patrol online to track down criminals. The EU said controls were in place to ensure that data protection laws were not breached as this information was gathered and shared.
"The strategy encourages the much needed operational cooperation and information exchange between the Member States," said EC vice-president Jacques Barrot in a statement.
"If the strategy is to make the fight against cyber crime more efficient, all stakeholders have to be fully committed to its implementation," he added. [Source: BBC News]
Tuesday, November 25, 2008
Booming cybercrime economy sucks in recruits
The underground economy is booming even as the rest of the economy lurches towards recession, according to a new study by Symantec.
The net security giant reports that the cybercrime economy has grown into an efficient, global marketplace to handle the trade in stolen goods and fraud-related services. It estimates the combined value of goods in underground forums at $276m for the 12 months prior to the end of June 2008.
Credit card data made up nearly a third (31 per cent) of the advertised sales logged, recorded the Symantec study. Purloined credit card numbers sold for between $0.10 and $25 per card, with the average advertised stolen credit card limit coming in at around $4,000. Credit card information is often sold to fraudsters in job lots, with discounts for large purchases.
Login details for online accounts were the subject of one in five sales and the second most commonly offered commodity in underground crooks' bazaars. Stolen login details were offered for anything between $10 and $1,000, depending on the balance and location of compromised accounts. The average balance of these accounts was around 40,000.
Other items up for sale included email accounts and pirated computer games or application software.
Online currency accounts were by far the most popular method of payment, used to settle 63 percent of the sales monitored by Symantec.
The battle against bogus e-mails
Spammers must send out around 12.5 million unsolicited e-mail messages before someone takes the bait and responds, according to research by the University of California, Berkeley.
David Reid finds out that despite many inboxes filling up with bulk messages, the profit margins of malicious spammers are rather vulnerable.
Any threat to their operation can erode away their profits, with 350 million junk e-mails a month earning just over $100 (£68) a day for those behind them.
"Fight for rights"
Microsoft is co-ordinating the latest attack on spammers by bringing together a coalition of companies, including Western Union and the African Development Bank, to fight lottery scams.
"Lottery scams in particular are e-mails or spam e-mails that tell you that you've won the lottery, and here's this huge amount of money and all you need to do is to pay these taxes up front or something like that in order to get your winnings," said Tim Cranton, the associate general counsel for Microsoft.
Online fraudsters 'steal £3.3bn'
Hi-tech thieves who specialise in card fraud have a credit line in excess of $5bn (£3.35bn), research suggests.
Security firm Symantec calculated the figure to quantify the scale of fraud it found during a year-long look at the net's underground economy.
Credit card numbers were the most popular item on sale and made up 31% of all the goods on offer.
Coming in second were bank details which made up 20% of the items being offered on criminal chat channels.
The $5.3bn figure was reached by multiplying the average amount of fraud perpetrated on a stolen card, $350 (£234), by the many millions Symantec observed being offered for sale.
Similarly, the report said, if hi-tech thieves plundered all the bank accounts offered for sale they could net up to $1.7bn.
Thursday, November 20, 2008
Dead network provider arms Rustock botnet
McColo, a network provider that was yanked offline following reports it enabled more than half the world's spam, briefly returned from the dead over the weekend so it could hand-off command and control channels to a new source, security researchers said.
The rogue network provider regained connectivity for about 12 hours on Saturday by making use of a backup arrangement it had with Swedish internet service provider TeliaSonera. During that time, McColo was observed pushing as much as 15MB of data per second to servers located in Russia, according to Paul Ferguson, a security researcher for anti-virus software maker Trend Micro.
The brief resurrection allowed miscreants who rely on McColo to update a portion of the massive botnets they use to push spam and malware. Researchers from FireEye saw PCs infected by the Rustock botnet being updated so they'd report to a new server located at abilena.podolsk-mo.ru for instructions. That means the sharp drop in spam levels reported immediately after McColo's demise isn't likely to last.
"It's going to take a little while before we probably see the spam levels go back up again, at least from those botnets," Ferguson told The Register. Because McColo was cut off so quickly after regaining connectivity, botnet operators were probably not able to update as many nodes as hoped, he added. Rustock is capable of sending 30 billion spam messages per day, according to researchers from anti-virus provider Sophos, which also witnessed the Rustock transition.
Microsoft to offer free security
In a surprise move, Microsoft has announced it will offer a free anti-virus and security solution from the second half of next year.
It will stop selling OneCare, its all-in-one security and PC management service, from the end of June 2009.
The new software, code-named Morro, will be a no-frills program suited to smaller and less powerful computers.
The software will be free to download and will support Windows XP, Vista and Windows 7.
The move comes as sales of the OneCare subscription service are flagging - reportedly because the anti-virus marketplace is already flooded with big-name players such as Symantec and McAfee.
Since its launch in May 2006, OneCare has garnered less than 2% of the security software market share.
In a statement, Microsoft said that Morro would be designed specifically to be a small-footprint program that uses fewer system resources. This, it said, would be ideal for users with low-bandwidth connections or computers without much processing power.
Wednesday, November 19, 2008
US 'cyber-bullying' case begins
Initial jury selection has begun in the trial of a Missouri woman alleged to have used a fake MySpace profile to bully a girl who later killed herself.
Lori Drew, 49, allegedly posed as a boy on the website to befriend Megan Meier, 13, who hanged herself after the "boy" broke off the virtual relationship.
Ms Drew denies charges of conspiracy and accessing protected computers without authorisation.
The trial is being seen as a landmark case concerning internet law.
Megan, a neighbour of Ms Drew in St Louis and a former friend of her daughter, took her own life in October 2006.
It is alleged that she killed herself after receiving several cruel messages from a fictitious 16-year-old boy named Josh Evans, including one saying the world would be better off without her.
Prosecutors say Ms Drew and several others created the boy on MySpace, the social networking website, after Megan Meier fell out with her daughter.
Tuesday, November 18, 2008
Computer virus affects hospitals
Three London hospitals have been forced to shut down their entire computer systems for at least 24 hours after being hit by a virus.
The facilities together make up St Bartholomew's (Barts) and The London NHS Trust.
As well as Barts in the City, the Royal London Hospital in Whitechapel and The London Chest Hospital in Bethnal Green are affected.
A spokesman said well-rehearsed emergency procedures were in place.
He could not say whether patient services, including scheduled procedures, have been affected by the glitch, which was first detected at 1200 GMT on Monday.
Friday, November 14, 2008
DoS and distributed hacking tools finally criminalised
Computer Misuse Act updated
A law criminalising denial of service attacks and the supply of hacking tools has been brought into force in England and Wales after a number of delays. The law was already in force in Scotland.
Denial of service (DoS) attacks involve the simultaneous sending of millions of messages or page requests to an organisation's servers. The sudden, massive deluge of information can render website and email servers inoperable.
The UK's main cybercrime law is the Computer Misuse Act, passed 18 years ago. Its application to denial of service attacks had been the subject of some confusion.
In 2005, charges were brought under that Act against teenager David Lennon who sent his former employer five million emails at once. The massive volume of email disabled the office server. A Magistrates' Court said that Lennon had no case to answer because the employer's system was designed to receive email. But the High Court later said that the original judge had erred in that ruling. Lennon eventually pleaded guilty and, in 2006, he was sentenced to two months' curfew with an electronic tag.
HLS-08 concludes with ITU Secretary-General's Declaration on Cybersecurity and Climate Change
The 63rd Session of ITU Council opened with a High-Level Segment, 12−13 November 2008. The meeting was inaugurated by two Heads of State, H.E. Mr Paul Kagame, President of Rwanda, and H.E. Mr Blaise Compaoré, President of Burkina Faso, as well as by United Nations Secretary-General Mr Ban Ki-moon via video message. It was attended by some 400 participants, 21 Ministers, Ambassadors and heads of regulatory organizations and UN agencies. The High-Level Segment concluded on 13 November 2008 with a Declaration by ITU Secretary-General, Dr Hamadoun Touré.
Extract from Dr Touré's Declaration:
"Cybersecurity is one of the most important challenges of our time. The rapid growth of ICT networks has enabled opportunists to exploit online vulnerabilities and attack countries’ critical infrastructure...
... Climate change is another profound challenge that is at work, transforming the face of the world. Whatever the underlying cause, at current rates of extinction, scientists predict that two-thirds of all bird, mammal, butterfly, and plant species will be extinct by the end of this century... "
Thursday, November 13, 2008
Spam plummets as gang leaves net
The closure of a web hosting firm that is believed to have had spam gangs as clients has led to a drastic reduction in junk mail.
Two US internet service providers have pulled the plug on the firm McColo following an investigation by the Washington Post newspaper. Anti-spam firm Ironport has seen junk mail levels drop by 70% since McColo was taken offline on 11 November. But, it warned, it will be a temporary respite from the menace of spam.
"It is an unprecedented drop but will be a temporary outage as the networks move from North America to places where there is less scrutiny," said Jason Steer, a spokesman for Ironport. The Washington Post has been gathering data on McColo for the past four months and passed the information to its internet service providers, Global Crossing and Hurricane Electric. Both decided to pull the plug on the firm on Tuesday. It is believed that it hosted gangs running botnets - networks of computers that have been taken over by criminals to send malicious software and spam. According to MessageLabs, botnets are responsible for over 90% of spam. Increasingly the tech industry is fighting back.
Catching up with the 'internet pimps'
Nine people from Thailand have been jailed for up to two-and-a-half-years for their part in exploiting women who were advertised in "online brothels". They are thought to have made millions of pounds from women trafficked from Asia to the UK for use in the sex trade.
Every night thousands of men trawl websites in the UK advertising women offering sex for sale.
Many of them are run by prostitutes, or escorts as they often like to describe themselves, who are essentially self-employed entrepreneurs using the internet to cut out the pimps.
But some are advertising women who have been trafficked into the country and are being exploited for profit.
Oriental Gems was one such "online brothel", which, as its name suggested, specialised in girls from South East Asia.
A gallery on the site showed photographs of more than 60 naked and semi-naked women. Many of them were effectively commodities who had been traded and invested in by "bondholders".
Monday, November 10, 2008
Visa trials PIN payment card to fight online fraud
Visa cards with a built in one-time code generator are to be trialled by four European banks. The technology is designed to tackle the growing problem of online credit card fraud.
MBNA, a Bank of America company in the UK, Corner Bank in Switzerland, Cal in Israel and IW Bank in Italy are to take part in limited trials of Visa's new one-time code card.
The next-generation cards feature a numeric keypad on the back of a plastic card. Customers enter their PIN code to generate a one-time password. This code, displayed on a card’s display panel, is then used to authenticate online purchases.
The approach is an alternative to using a password when authenticating online purchases through the much-criticised Verified by Visa scheme. As previously reported, VbyV passwords can often be easily reset knowing only card details and a user's birthday.
The new cards, developed in conjunction with Australian firm Emue Technologies, are far more secure - though not infallible. Some banks have already introduced two-factor authentication technologies, which grew up in the corporate remote access market, to provide extra protection to online banking transactions.
Study shows how spammers cash in
Spammers are turning a profit despite only getting one response for every 12.5m e-mails they send, finds a study.
By hijacking a working spam network, US researchers have uncovered some of the economics of being a junk mailer. The analysis suggests that such a tiny response rate means a big spam operation can turn over millions of pounds in profit every year. It also suggests that spammers may be susceptible to attacks that make it more costly to send junk mail.
The spam study was carried out in early 2008 by computer scientists from University of California, Berkeley and UC, San Diego (UCSD). For their month-long study the seven-strong team of computer scientists infiltrated the Storm network that uses hijacked home computers as relays for junk mail. At its height Storm was believed to have more than one million machines under its control. The team, led by Assistant Professor Stefan Savage from UCSD, took over a chunk of the Storm network to make it easier to run their study.
Tuesday, November 04, 2008
Media Advisory: High-level intervention on ICTs and Climate Change and Cybersecurity
Press conference with Presidents of Burkina Faso and Rwanda
What: High-level meeting on Climate Change and ICTs and Cybersecurity: Press conference
When: 12 November 2008 at 11 am
Where: ITU Headquarters, Place des Nations, Geneva, Switzerland
Why: Climate Change:
- Combating Climate Change through information and communication technologies (ICT)
- Adapting to Climate Change: The Role of Emergency Telecommunications
Cybersecurity:
- Managing cyberthreats through harmonized policies and organizational structures
- Addressing the technical and legal challenges of the borderless nature of cybercrime
- Protect children online: New ITU initiative to safeguard the most vulnerable users of the Internet
- ITU Global Cybersecurity Agenda: Towards an International Roadmap
Who:
- President of Burkina Faso H.E. Mr Blaise Compaoré
- President of Rwanda H.E. Mr Paul Kagame
- ITU Secretary-General, Dr Hamadoun Touré
Some 25 Ministers and leading policy makers, regulators and UN agencies will attend. See programme: www.itu.int/council/C2008/hls/programme.html
Monday, November 03, 2008
Firms demand aid on hi-tech crime
UK businesses have little faith that the government is doing enough to tackle hi-tech crime, says a report.
Of those questioned 57% said any malicious hi-tech crime in the workplace would not be dealt with properly by the police.
Only 4% of respondents said they bothered to report every incident of hi-tech crime, it revealed.
The results come at a time when businesses report that they are almost under siege by cyber criminals.
The survey of the 3,500 members of the Corporate IT Forum, which represents technology managers at the UK's largest firms, found that 69% reported seeing increases in the amount of hi-tech crime committed against them.
Firms were being hit by viruses, denial of service attacks and website defacements, the survey said. The variety and intensity of attacks led many to believe that hi-tech crime has been taken over by professional criminals.
Said the survey: "It has... become too easy and too risk-free for criminals to become involved in cyber crime."
Responding to a question about what would make a difference, 48% of respondents called for "consistent and appropriate penalties for cyber criminals and cross-border e-crime legislation".
Undetectable data-stealing trojan nabs 500,000 virtual wallets
A well-organized crime gang has stolen credentials for more than a half-million financial accounts in less than three years using a sophisticated trojan that remains undetectable to the vast majority of its victims, a report published Friday warns.
The haul of bank, credit, and debit card account numbers stolen by the Sinowal trojan is among the largest ever discovered. It was unearthed by researchers at RSA's FraudAction Research Lab. They say the program, which is also known as Torpig and Mebroot, has been operating non-stop for almost three years, an unusually long time in the fly-by-night world of cybercrime.
"Only rarely do we come across crimeware that has been continually stealing and collecting personal information and payment card data, and compromising bank accounts as far back as 2006," RSA researchers wrote.
Thursday, October 30, 2008
Cybercrime wave sweeping Britain
Cybercrime in the UK rose by more than 9% in 2007, according to a new report.
Online identity firm Garlik's cybercrime report claims that more than 3.5 million online crimes were committed in the UK last year.
The majority of crimes related to fraud and abusive or threatening e-mails. There was an 8% drop in online identity theft and sexual offences fell 2%.
Tom Ilube, of Garlik, said he expected to see a growth in online financial fraud due to the credit crunch.
The sharpest rise in 2007 was in online financial fraud, with more than 250,000 incidents reported, a 20% rise on the previous year.
The report highlighted a growing professionalism among online criminals, with personal and credit details being traded online.
Garlik said that the information black market had doubled, with more than 19,000 illicit traders identified.
Wednesday, October 29, 2008
Monday, October 27, 2008
Credit card fraud has amounted to 300 million pounds so far this year in the UK
ITV's Tonight programme in the UK investigated credit card fraud in an edition titled Card Criminals Uncovered, which aired on 27 October 2008. Credit card fraud is estimated to have cost UK banks and consumers 300 million pounds so far this year.
The research team set up a false website, Gotcha Gadgets, selling hi-tech goods to track orders and credit card activity. The programme emphasized the truly international reach of credit card fraud. In one case, the goods were ordered in Ghana using a credit card registered in Venezuela, with goods being delivered to a UK address. In another, a woman had been duped by a man purportedly living in America, whom she had met through a dating website, into accepting goods bought using a stolen credit card, supposedly for an orphanage in Africa. The UK currently has an Electronic Crime Police Unit, but it operates only out of London. The UK Government is taking new steps to address the issue of credit card fraud.
Alarm raised on teenage hackers
Increasing numbers of teenagers are starting to dabble in hi-tech crime, say experts.
Computer security professionals say many net forums are populated by teenagers swapping credit card numbers, phishing kits and hacking tips.
The poor technical skills of many young hackers mean they are very likely to get caught and arrested, they say.
Youth workers added that any teenager getting a criminal record would be putting their future at risk.
"I see kids of 11 and 12 sharing credit card details and asking for hacks," said Chris Boyd, director of malware research at FaceTime Security.
Many teenagers got into low level crime by looking for exploits and cracks for their favourite computer games.
"Communities and forums spring up where people start to swap malicious programs, knowledge and sometimes stolen data. Some also look for exploits and virus code that can be run against the social networking sites popular with many young people. Some then try to peddle or use the details or accounts they net in this way."
Friday, October 24, 2008
Don't have security nightmares
How worried should we be about net security scares, asks Bill Thompson.
Anyone concerned about the security of their computers and the data held on them might sleep a little uneasily tonight.
Over the past few weeks we've heard reports of serious vulnerabilities in wireless networking and chip and pin readers, and seen how web browsers could fall victim to "clickjacking" and trick us into inadvertently visiting fake websites.
The longstanding fear that malicious software might start infecting our mobile phones was given a boost when the Information Security Center at US university Georgia Tech outlined how phone software could be hijacked to create "botnets" and allow handsets to be remotely controlled.
And now a group of researchers at the Security and Cryptography Laboratory at Ecole Polytechnique Federale de Lausanne in Switzerland have shown that you can read what is typed on a keyboard from 20m away.
It takes some sophisticated equipment to do it, but with the right antennae and a bit of luck it seems you can detect the radio emissions coming from the wires that connect keyboards to computers and tell just what someone is typing.
Web content 'disturbing children'
Three out of four children have seen images on the internet that disturbed them, an NSPCC poll suggests.
The charity is renewing its call for computer manufacturers and retailers to install security to stop children finding violent or sexual content. The NSPCC, which polled visitors to its children's website There4me.com, said it was "alarmed" by the accessibility of potentially disturbing material. Some 377 of 497 votes cast claimed to have been disturbed by internet images.
One child posted a comment on a There4me message board saying: "I've seen violent images I didn't search for. I was freaked out." Another said his eight-year-old sister's search for "pictures of animals" generated pornography adverts. The NSPCC wants social networking and video hosting sites to remove offensive material within hours of finding it.
Policy adviser Zoe Hilton said the NSPCC was "alarmed" by how easy it was for children to access "disturbing internet material". She said: "Children are just a few clicks away from innocently stumbling across upsetting or even dangerous pictures and films such as adult sex scenes, violent dog fights, people self-harming and children being assaulted."
Woman in jail over virtual murder
A woman has been arrested in Japan after she allegedly killed her virtual husband in a popular video game.
The 43-year-old was reportedly furious at finding herself suddenly divorced in the online game Maplestory.
Police say she illegally accessed log-in details of the man playing her husband, and killed off his character.
The woman, a piano teacher, is in jail in Sapporo waiting to learn if she faces charges of illegally accessing a computer and manipulating data.
She was arrested on Wednesday and taken 620 miles (1,000 km) from her home in southern Miyazaki to Sapporo, where her "husband", a 33-year-old office worker, lives.
If charged with the offences, and convicted, she faces up to five years in prison and a fine of up to $5,000.
Thursday, October 23, 2008
Commission welcomes European Parliament’s strong support for a new Safer Internet Programme
The European Parliament cast an overwhelmingly positive vote today on the report drafted by MEP Roberta Angelilli which supports the launch of a new EU Safer Internet programme. The 5-year programme (2009–13), proposed by the European Commission last February, will have a budget of €55 million to combat illegal online content but also to tackle illegal and harmful conduct such as grooming and cyberbullying.
“Today’s children and teenagers face new challenges when they use Web 2.0 services. The EU will coordinate actions to empower children and protect them”, said Viviane Reding, EU Commissioner for Information Society and Media in response to the positive outcome of the vote in Parliament. “I am particularly glad that the Parliament addressed the Commission’s proposal so promptly and strongly endorsed our proposals to make the Internet safer for children. I am convinced that the new Safer Internet programme will play an important role in our understanding of the challenges regarding online risks for young people and children, and will provide concrete help to many young internet users and their parents.”
Today's vote during the European Parliament's plenary session in Strasbourg followed a debate on the Commission’s proposal, which was applauded by all political groups. Some MEPs even considered the programme as “one of the best things Europe could do”. The new Programme is now expected to be approved by the Council before the end of 2008.
Friday, October 17, 2008
Fraudsters' website shut in swoop
A website used by criminals to buy and sell credit card details and bank log-ins has been shut down after a police operation, the BBC has learned.
International forum Darkmarket ran for three years and led to fraud totalling millions of pounds.
Nearly 60 people connected with the site have been arrested in Manchester, Hull and London, as well as Germany, Turkey and the US.
The Serious Organised Crime Agency said it was "a one-stop shop" for criminals.
Soca deputy director Sharon Lemon told the BBC that one individual had spent £250,000 on personal data in just six weeks.
Had he realised the full potential of the information he had, he could have obtained up to £10m, she said.
Wednesday, October 15, 2008
Feds hamstring world's largest spam gang
US regulators have struck a body blow at two men accused of masterminding the world's largest spam enterprise by obtaining a court order that shuts down some half-dozen companies they operated and freezing assets earned in the operation.
Lance Atkinson, a New Zealand citizen living in Australia, and Jody Smith, a businessman from McKinney, Texas, stand accused of overseeing an operation that raked in millions of dollars sending billions of spam messages. According to a complaint filed by the Federal Trade Commission, the men recruited spammers from around the world to send unsolicited junk mail related to male-enhancement pills, prescription drugs, and other items.
Spam opponents cheered the FTC's action.
"They are probably the most prolific spammers at the moment," Richard Cox, CIO of Spamhaus.org said of Atkinson and Smith. "This is probably the first time that an action by law enforcement will affect the level of spam in people's inboxes."
Attempts to contact Atkinson and Smith for comment were not successful.
Using an affiliate program called "Affking," they were at one point believed to be responsible for one-third of the world's spam, according to the FTC. The men took great pains to distance themselves from the operation, creating a handful of shell companies located throughout the world to launder the large sums of money they brought in and to purchase domain names and credit card services.
According to the FTC's complaint, Atkinson has been involved in the spam trade for years and is the sole director and shareholder of Inet Ventures Pty Ltd of Australia. Even after the FTC obtained a $2.2m judgment against Atkinson in 2005, he continued to recruit spammers to promote his various websites, FTC attorneys said in court documents.
To bolster their claim, the attorneys included a December 2007 conversation between Atkinson and his brother Shane Atkinson shortly after he was contacted by the BBC and asked about Gencash, a spam operation allegedly maintained by the brothers.
Monday, October 13, 2008
Organized crime tampers with European card swipe devices
Hundreds of card swipers used by retail stores across Europe are believed to have been tampered with by organized crime syndicates in China and Pakistan, according to US National Counterintelligence Executive Joel Brenner.
Brenner told The Daily Telegraph that criminals have doctored chip and PIN machines either during manufacturing in China or shortly after leaving the production line in order to send shopper credit card account details overseas. The devices were then expertly resealed and exported to Britain, Ireland, the Netherlands, Denmark, and Belgium.
"Previously only a nation state's intelligence service would have been capable of pulling off this type of operation," Brenner told the publication. "It's scary."
Hundreds of devices have been copying credit and debit card details over the past nine months and sending the data by way of mobile phone networks to tech-savvy criminals in Lahore, Pakistan, The Telegraph reports.
Phishers adapt old scams to exploit bank turmoil
Scammers are exploiting the meltdown in the banking sector in an attempt to trick users into handing over sensitive financial information.
Phishing emails commonly pose as security checks from a prospective mark's bank. The latest generation of the scam imitates communiques about bank mergers.
US consumer watchdog the Federal Trade Commission warned customers on Thursday not to take the bait. The FTC's alert - Bank Failures, Mergers and Takeovers: A "Phish-erman’s Special" - can be found here.
Although phishing scams have been around for at least five years - if not more - there are still plenty of suckers around to keep the scam profitable, even without considering the extra confusion added by the current banking crisis.
Wednesday, October 08, 2008
Net game turns PC into undercover surveillance zombie
Underscoring the severity of a new class of vulnerability known as clickjacking, a blogger has created a proof-of-concept game that uses a PC's video cam and microphone to secretly spy on the player.
The demo, which is available here, appears to be a simple game that tests how quickly a user can click on a series of moving targets. Behind the scenes, it combines a generic clickjacking attack with weaknesses in Adobe's Flash technology to record the player using the PC's video camera and microphone.
The proof of concept is a powerful demonstration of the spooky implications behind clickjacking. The vulnerability allows malicious webmasters to control the links visitors click on. Once lured to a booby-trapped page, a user may think he's clicking on a link that leads to Google - when in fact it takes him to a money transfer page, a banner ad that's part of a click-fraud scheme, or any other destination the attacker chooses.
It plagues every major browser, Adobe Flash, and many other browsing technologies, according to Jeremiah Grossman and Robert "RSnake" Hansen, the researchers who first sounded the clickjacking alarm. The pair was scheduled to detail the threat two weeks ago at OWASP's AppSec 2008 Conference in New York, but canceled the talk at the request of Adobe.
Shell fingers IT contractor in theft of employee data
October 6, 2008 (IDG News Service) Shell Oil Co. is warning its employees that an IT contractor used the personal data of four Shell workers as part of an unemployment insurance claims scam in Texas.
Shell Oil, the U.S. subsidiary of Royal Dutch Shell PLC, began notifying employees of the data breach on Friday, via a written notice that was posted on the Houston-based company's Web site.
Shell spokeswoman Robin Lebovitz said company officials noticed early last month that someone had used Shell employee data to file fake unemployment compensation claims with the Texas Workforce Commission (TWC). After investigating, Shell determined that an employee of a third-party contractor had misused information stored in a corporate database, Lebovitz said.
Wednesday, October 01, 2008
UK banking fraud losses rise to £301.7m
UK banking losses due to fraud in the first half of 2008 hit £301.7m compared to £263.6m in the same period last year, according to the latest figures from UK banking association APACS.
Fraud abroad made up 40 per cent of total card fraud losses, reaching £121.2m in the period, up 11 per cent on the £108.8m lost last year. That loss was through tactics such as the use of counterfeit plastic cards with stolen PINs on machines overseas that only check magnetic strips, not chips.
Once the European banking industry meets its target on the roll-out of plastic cards and readers that rely on chip-based technology - due to be completed by 2010 - this type of fast-growing scam will be contained, APACS predicts.
Card-not-present fraud (a category that includes ecommerce fraud as well as phone and mail order scams) also rose 18 per cent to reach £161.9m for the first six months of 2008, according to APACS stats published on Wednesday. This type of fraud has trebled - up 207 per cent - since 2001 but over the same six month period ecommerce transactions increased 415 per cent; so these particular figures, although hardly encouraging, are not quite as bad as they might first appear.
Saturday, September 13, 2008
ITU TELECOM Asia 2008 - Interview with ITU Secretary-General Dr Hamadoun I. Touré
ITU Secretary-General Dr Hamadoun I. Touré is interviewed by Tony Poulos from TelecomTV on the theme of ITU Telecom Asia 2008: New Generation, New Values.
Dr Touré explains how Information and Communication Technologies (ICT), being the tools for all other sectors of economy, are key to achieving United Nations Millennium Development Goals by 2015. Other subjects such as climate change and cybersecurity are also discussed in the course of the interview. [Full video interview...]
Thursday, September 04, 2008
ITU’s Global Cybersecurity Agenda housed in Malaysia - Centre to combat cyber threats established near Kuala Lumpur
ITU concluded an agreement with the International Multilateral Partnership Against Cyber-Terrorism (IMPACT) to operationalize the ITU Global Cybersecurity Agenda (GCA). IMPACT’s state-of-the-art global headquarters in Cyberjaya, Kuala Lumpur will be the home of ITU’s Global Cybersecurity Agenda.
The collaboration between ITU and IMPACT is aimed at building synergies to provide:
- Real-time analysis, aggregation and dissemination of global cyber threat information
- Early warning system and emergency response to global cyber threats
- Training and skills development on the technical, legal and policy aspects of cybersecurity
The agreement is in line with the decision of the World Summit on the Information Society to build security and confidence in the use of information and communication technologies (ICT). The Summit also called for the coordination of multi-stakeholder implementation of information exchange, creation of knowledge, sharing of best practices, and assistance in developing public/private partnerships.
The Memorandum of Understanding was signed in Bangkok during ITU TELECOM ASIA 2008 by ITU Secretary-General Dr Hamadoun Touré and Chairman of the IMPACT Management Board Mr Mohammad Noor Amin. [More...]
Wednesday, August 20, 2008
Conference on planetary emergencies in Erice, Italy: Dr Hamadoun Touré, ITU Secretary-General, warns about pervasive computer use
Extract from the International Herald Tribune: ...More than 120 scientists, engineers, analysts and economists from 30 countries were hunkered down here for the 40th annual conference on "planetary emergencies." The term was coined by Antonino Zichichi, a native son and a theoretical physicist who has made Erice a hub for experts to discuss persistent, and potentially catastrophic, global challenges...
... In a session on information security, Hamadoun Toure, Secretary-General of the International Telecommunication Union, warned that pervasive computer use, while offering the prospect of a global "knowledge society," also made billions of individuals into potential superpowers. "Every single brain on earth is equal and can trigger an attack," he said... [Full article on the International Herald Tribune]
Monday, July 21, 2008
ITU TELECOM ASIA Forum to address cybersecurity
TELECOM Forum: Security, Privacy and Trust - Who Protects Whom? And From What?
In an increasingly networked world, achieving cybersecurity and cyberpeace is critically important. Recognizing the magnitude of the issue, the World Summit on the Information Society (WSIS) called for building confidence and security in the use of ICTs. And ITU, in keeping with its lead role, launched the Global Cybersecurity Agenda (GCA) to fast-track a global response to enhance cybersecurity.
Considering the major role that ICTs play as an engine of growth in the world economy, the ITU TELECOM Forum in Bangkok, Thailand will address the key issues of security, privacy and trust.
Huge investments have been made worldwide to put government services online, and cross-border collaboration is critical for the effective implementation of those services. Users are often rightly suspicious about technology that aggregates massive amounts of personal data which, in the hands of identity thieves and cyber criminals, could lead to disastrous consequences.
How can the rights and privacy of citizens be safeguarded while still facilitating the convenience of electronic identity systems? What principles have been learned and where should attention be focused? This Forum session at ITU TELECOM ASIA will dig deep to find the answers! [More...]