Cybercrime cost
firms $1 trillion globally
29 January 09 08:44 PM
Data theft and breaches from cybercrime may
have cost businesses as much as $1 trillion
globally in lost intellectual property and
expenditures for repairing the damage last
year, according to a new study from McAfee.
McAfee made the projection based on responses
to a survey of more than 800 chief
information officers in the U.S., United
Kingdom, Germany, Japan, China, India,
Brazil, and Dubai.
The respondents estimated that they lost data
worth a total of $4.6 billion and spent about
$600 million cleaning up after breaches,
McAfee said.
User data stolen
from job site Monster
29 January 09 08:44 PM
User information, including passwords, has
been stolen from job site Monster, the
company has announced.

Monster's database of user account
information--which includes user IDs,
passwords, e-mail addresses, names, phone
numbers, and some demographic data--was
illegally accessed and information was taken,
the company
said on Friday.
The information that was stolen did not
include resumes or sensitive information like
Social Security numbers and financial data.
But someone could use the data that was
breached to contact Monster users and use
social engineering to trick them out of their
information.
Obama's PDA
24 January 09 06:45 AM
This
is the most secure PDA used by the CIA. Obama
has been given one of these.
The Sectéra looks like most P.D.A.’s, and
operates like one when in normal mode. But a
press of a button on the front of the device
engages “classified mode” (for added effect,
the screen background turns red when this
mode is activated). It works on GSM and CDMA
networks.
Study: Data
breaches rose in 2008
21 January 09 08:45 PM
Reports of data breaches in the United States
increased 47 percent in 2008 from the year
before, mostly as a result of lost or stolen
equipment, and accidental exposure of data
online, according to a
new study
from the nonprofit Identity Theft Resource
Center.
There
were 656 reports of breaches last year,
compared with 446 for 2007, and an estimated
35.7 million records were potentially
breached based on notification letters and
information from breached companies, the
study released this week found.
The breaches run the gamut, including:
laptops stolen from Merrill Lynch and
Starbucks; bank card information stolen from
fake card readers at gas stations in Georgia;
Ohio State University student Social Security
numbers exposed on the Internet; a former
Library of Congress employee using
co-workers' data to open bogus credit card
accounts; a Seattle school district
inadvertently releasing teacher data to a
union; financial information on mortgage
files abandoned outside a Boise recycling
center; and the World Bank Group's computer
network being penetrated.
The reports of insider theft more than
doubled to represent 15.7 percent of the
breaches, while more than a third of the
breaches were a result of data on the move,
such as stolen laptops, and accidental
exposure.
Breaches from data theft by employees
doubled, to nearly 16 percent, while hacking
and use of data-stealing software represented
about 14 percent of the breaches. Only 2.4
percent of all breaches had encryption or
other protection methods in use, and only 8.5
percent had password protection in use.
More than 80 percent of the breaches were
electronic in nature, with the rest involving
paper documents.
Fake CNN site from
phishing e-mail hides a Trojan
21 January 09 08:43 PM
A new e-mail that is circulating looks like it
comes from CNN and links to a fake CNN Web
page offering "graphic" video related to the
Israel-Hamas conflict but instead hosts a
Trojan that steals sensitive data, RSA said
on Thursday.
When someone clicks on the video link on the
fake CNN site an error message pops up urging
the visitor to download the latest version of
Adobe Flash Player. Clicking on the download
link installs an "SSL stealer" Trojan that
captures financial and other sensitive
information,
RSA said in a blog.
The Trojan looks for encrypted communications
between the computer and known financial
institutions and when it sees data being sent
it diverts it to a malicious third party,
said Sam Curry, vice president of product
management and strategy at RSA.
The social-engineering attack is different in
that the e-mail pretends to come from a media
company and then tries to steal financial
data, he said. "Normally when you get phished
they send you an e-mail pretending to be from
a bank or other financial institution," he
said.
RSA discovered the attack early on Wednesday
and has worked with others to get the fake
site shut down. At a peak on Thursday as many
as 80,000 of the phishing e-mails were being
sent out, according to Curry.
Hackers Breach
Major Credit Card Processor
21 January 09 08:39 PM
A major credit card processor, Heartland,
revealed this week that hackers have breached
its system, allowing up to 100 million
illegal duplicate credit card payments to be
made per month.
The company said it was contacted about
suspicious activities by Visa and Mastercard,
and that a hacker planted software that stole
credit card data from Heartland's networks.
Heartland processes credit cards for about
250,000 companies. The company claims no
social security numbers, encrypted personal
identification numbers, addresses or
telephone numbers were stolen.
The breach happened some time in 2008, Robert
Baldwin, Heartland's president and chief
financial officer said. Technology watchers
say this could be a record-setting compromise
of credit card data.
Baldwin said his company has been cooperating
with the Secret Service and the Justice
Department. Officials think that the attack
was perpetrated by a sophisticated group that
has hacked into other financial institutions.
Baldwin told USA Today that Heartland will
notify victims that their information was
stolen after the situation is sorted
out.
Duplicating keys
from a photograph
25 November 08 04:48 PM
Nowadays you don't need a locksmith or even
lock-picking tools to get past a locked door
without a key--you can do it using software,
a photograph of the key, and a key-cutting
machine.
Researchers from the University of California
at San Diego have developed software called
"Sneakey" that enables anyone to make
duplicates of keys without needing a sample
key.
Symantec says
Internet underground economy is organized and
rich
25 November 08 04:31 PM
Did you know that you can buy a keystroke
logger for $23 or pay $10 to have someone
host your phishing scam? Having a botnet at
your fingertips will cost you $225, and a
tool that exploits a vulnerability on a
banking site averages $740 and runs as high
as $3,000.
That's according to the Symantec Report on
the Internet Underground Economy.
U.S. vulnerable to
Chinese cyber espionage
25 November 08 04:26 PM
China is actively conducting cyber espionage
as a warfare strategy and has targeted U.S.
government and commercial computers,
according to a new report from the U.S.-China
Economic and Security Review Commission.
"China's current cyber operations capability
is so advanced, it can engage in forms of
cyber warfare so sophisticated that the
United States may be unable to counteract or
even detect the efforts," according to the
annual report (PDF) delivered to Congress on
Thursday.
The report cites news articles and testimony
from U.S. officials like Col. Gary McAlum,
chief of staff for the U.S. Strategic
Command's Joint Task Force for Global Network
Operations. It concludes that Chinese cyber
attacks, authoritarian rule, and trade
violations are impediments to U.S. economic
and national security interests.
The U.S. government also is at risk as a
result of the global computer supply chain,
the commission said. Computer components used
by the U.S. and manufactured in China are
"vulnerable to tampering by Chinese security
services, such as implanting malicious code
that could be remotely activated on command
and place U.S. systems or the data they
contain at risk of destruction or
manipulation," the report said. Hundreds of
counterfeit routers made in China were found
in systems throughout the Defense Department,
it said.
IT admin used
inside knowledge to hack and steal
14 November 08 01:59 AM
A former San Jose network administrator is
facing 12 years in prison after pleading
guilty to hacking, ID theft, burglary and
drug charges.
"This was one of the most sophisticated
computer crimes our office has prosecuted,"
said Ben Field, Santa Clara's deputy district
attorney. "There's computer intrusion in the
first place, there's the introduction of
spyware, there's the theft of proprietary
data from a computer network and sometimes
the destruction of proprietary data from a
computer network."
One of Madrid's victims was his former
employer, a Sunnyvale, California,
high-technology company. According to Field,
Madrid destroyed data on the company's
servers in the hope that "they would ask him
to come back and fix the very problem that he
created."
The District Attorney's office declined to
name any of the victims of Madrid's crimes.
To make his hacking harder to trace, Madrid
would often use his neighbors' open wireless
networks, Field said.
Posing as a security guard or an IT worker,
he also breezed through Bay Area companies
late at night looking for laptops and other
computer equipment to steal, Field said. "He
had a good eye for what was valuable," Field
said.
Madrid sometimes gained access to different
parts of the building by picking up security
badges he found lying in unoccupied cubes,
Field said.
If stopped by company employees, "he would
talk to them as if he was completely
justified in being there," Field said. "Like
he was an IT person doing some work or a
security guard making sure the place was
secure."
"Being a former network administrator, he
could talk the talk as an IT guy," he added.
Madrid even wore clothes that resembled a
security guard's uniform, Field said.
In another scheme, Madrid would change
bar-code tags on computer equipment in stores
in order to pay retailers less than the value
of their merchandise. He sometimes
manufactured his own price tags.
Suing God
12 November 08 03:07 PM
Former state Sen. Ernie Chambers filed a
lawsuit against God in Nebraska's 4th
Judicial District Court. Chambers, a
political independent who served in the
Legislature for 38 years before retiring in
April, sought "a permanent injunction" to
"cease harmful activities," claiming the
defendant caused "fearsome floods, egregious
earthquakes, horrendous hurricanes,
terrifying tornadoes, pestilential plagues,
ferocious famines, [and] devastating droughts
… resulting in the wide-spread death,
destruction and terrorization of millions."

Chinese Hackers
Penetrate White House Computers
12 November 08 08:25 AM
The cyber attackers obtained e-mails between
government officials and stole information
before U.S. computer experts fixed the
system, a senior U.S. official told the
Financial Times.
U.S. government cyber intelligence experts
suspect the attacks were sponsored by the
Chinese government because of their targeted
nature. They added that it is difficult to
trace the exact source of an attack beyond a
server in a particular country.
Newsweek magazine reported Wednesday that a
foreign power hacked into the computer
systems of both John McCain's and Barack
Obama's presidential campaigns.
Obama's team concluded on its own that the
hackers were Russian or Chinese and probably
were seeking foreign policy information.
A federal law enforcement source confirmed
the Newsweek story to FOX News and described
the incident as "fairly significant."
Black Hat expels
reporters in network snooping
08 August 08 06:36 PM

LAS VEGAS--Three journalists for a French
security magazine were kicked out of the
Black Hat security conference after they
allegedly sniffed the press room computer
network on Thursday.
The journalists work for Global Security Mag,
which was a media sponsor of the event. Two
of the men, Dominique Jouniot and Mauro
Israel, could not be reached for comment.
The third, Marc Brami, director of the
magazine, told CNET News later that he blamed
Israel for the incident, which Brami
described as "a joke." Brami said Israel is a
security expert who occasionally blogs and
does network sniffing as a prank. Brami said he
did not know what Israel was up to until it
was too late.
"It was a big mistake," Brami said via
telephone. "(Israel) said it was a joke and
that he didn't think it was important."
Organizers required the men to leave the
conference, confiscated their badges, and
barred them from Defcon, a sister security
conference that runs over the weekend, and
from all future events, a Black Hat
representative said.
Flash drive used
to steal Countrywide customer data
02 August 08 01:34 PM
Struggling home mortgage lender Countrywide,
already hit hard by the lending crisis and an
investigation into potential fraud at the
company, now faces another crisis: One of its
former employees has been charged for
allegedly stealing personal information about
customers.
Rene Rebollo was arrested on Friday by agents
with the
Federal Bureau of
Investigation
(FBI) in California, who say he stole and
then sold personal information about
Countrywide customers throughout the country
over a two-year period.
Rebollo worked as a senior financial analyst
for Countrywide Home Loan's subprime mortgage
division, where he had access to Countrywide
databases containing customer data, according
to the complaint against him. Using his
computer at work, he saved the customer data
onto his own flash drives to remove it from
the office, the FBI alleges. About a month
ago, during an interview by FBI agents,
Rebollo admitted he gave out the account
information to third parties, according to
the complaint.
Stolen: Google
employees' personal data
13 July 08 09:43 PM
Google has confirmed that personal data of
U.S. employees hired prior to 2006 have been
stolen in a recent burglary.
Records kept at Colt Express Outsourcing
Services, an external company Google and
other companies use to handle human resources
functions, were stolen in a burglary on May
26. An undisclosed number of employees'
details and those of dependents such as
names, addresses, and Social Security numbers
were on the stolen computers. It is
understood that Colt did not employ
encryption to protect the information.
It's still unclear how many more of Colt
Express' clients were affected by the breach.
CBS' CNET Networks, publisher of News.com,
was also affected by the burglary, with about
6,500 employees' details stolen.
Although there is no evidence of misuse of
the data to date, the information obtained
could be used by identity thieves to create
fake accounts and identities.
HP ships USB
sticks with malware
19 June 08 11:39 AM
Hewlett-Packard has released a batch of USB
keys for numerous Proliant server models
which contain malware that could allow an
attacker to take over an infected system.
The worms contained on the 256KB and 1GB USB
drives have been identified as W32.Fakerecy
and W32.SillyFDC. The worms spread by copying
themselves to removable or mapped drives and
affect systems running Windows 98, Windows
95, Windows XP, Windows Me, Windows NT and
Windows 2000.
Murderer nabbed
via tracking, Web search
19 June 08 11:37 AM
Davidson's legal
travails began on January 16, 2005, when she
told the U.S. Air Force that her husband
Michael Severance, an airman, had been
missing since the day before. Air Force
investigators and the San Angelo Police
Department began parallel investigations,
which led them to conclude it was unlikely
that Severance had deserted.
Air Force Special Agent Greg McCormick did
learn early on that Davidson owned a horse on
a ranch, but investigators didn't know where
it was. In hopes that Davidson would lead
them to it, Air Force agents placed a
tracking device on the underside of her car
in the middle of the night on February 26.
One day later, "data retrieved from the
device" showed that Davidson had driven to a
ranch owned by Terrell Sheen, who told agents
that he boarded horses including Davidson's
and that they were welcome to search the
property. The Air Force agents did: it proved
to be an expansive ranch that included a
barn, mobile homes, fenced corrals, and
ponds.
Their search did not find Severance, the
missing airman. On March 5, a Texas Ranger
and a San Angelo sergeant interviewed
Davidson at the veterinary clinic where she
worked. They already knew at this point (it's
unclear how they knew this) that the computer
had been used to perform Internet searches on
topics including
polygraphs and the phrase
"decomposition
of a body in water." The police
said Davidson became defensive when asked
about the pond on Sheen's ranch and her
Internet searches.
What you might expect to happen did, in fact,
take place. Michael Severance's body was
found in one of the ponds, with Davidson
claiming she moved the body to protect a
family member who might have been the
murderer.
Man Cleared of
Child Porn Charges After Hiring Computer
Forensics Expert
19 June 08 11:31 AM
Here's a lesson for computer neophytes --
when you get accused of having child porn on
your computer, subsequently get fired, lose
your friends and family and face prosecution
-- hire a
computer
forensic expert to clear your name --
assuming you're innocent of course.
That's what Michael Fiola, a former employee
of the Commonwealth of Massachusetts did
after getting fired for having child porn on
his laptop. After a cursory examination,
state investigators did in fact find child
porn, which Fiola swore he didn't
download
and wouldn't even know how.
With charges that he downloaded images of
child pornography onto his notebook filed
against him, the 53-year-old Fiola became a
pariah in his community, was shunned by
friends and family and watched his wife
develop a stress-related illness.
Fiola finally hired forensic computer expert
Tami Loehrs of Tucson, Ariz. to get to the
bottom of the nightmare. The trouble began
after Fiola, an investigator for the
Department of Industrial Accidents, was
issued a new laptop by the DIA in Nov. 2006
after his originally-issued laptop was
stolen.
After
Loehrs' report was completed, charges were
dropped against Fiola. "The overall forensics
of the laptop suggest that it had been
compromised by a virus," said Jake Wark,
spokesman for Suffolk District Attorney
Daniel Conley, according to the Boston
Herald.
As for Fiola, he moved to Rhode Island and
now works for another company. The DIA
doesn't want him back and told the Boston
Herald that it "stands by its decision" in
terminating him. The Herald also quotes Fiola
saying that he plans on suing the DIA for
"destroying our lives."
http://www.crn.com/security/208700507
Hacker Posts
Chilean Government Data on 6 Million
13 May 08 10:12 AM
An anonymous hacker has posted personal data
about 6 million Chilean residents on the
Internet, highlighting wider privacy problems
in the country.
The data was posted early Saturday morning
on
Fayerwayer.com,
a popular Chilean technology blog.
The hacker, who calls himself "Anonymous
Coward," posted three compressed files of
data that included names, addresses,
telephone numbers and taxpayer identification
numbers for Chilean residents, said Leo
Prieto,
Fayerwayer.com's
director.
A site editor spotted the data, posted in
Fayerwayer's comments section, at 2 a.m.
local time on Saturday. He immediately
removed the files and contacted Chilean
police, who responded two hours later, Prieto
said.
But over the following days the files started
popping up on other sites including Google's
Blogger, Prieto said. "There's never been
anything like this," he said. "People are
alarmed."
In a note accompanying the files, Anonymous
Coward said he posted the databases to draw
attention to the poor data protection
measures in the country of 16 million people.
The files include tips on what to do with the
data and how best to access it.
"If you're going to extract data from a
server, it's recommended to make a script
that doesn't connect directly to the server,
but rather via [anonymous proxies]," the
hacker wrote.
Anonymous Coward also claimed that the files
include information on the daughter of
Chilean president Michelle Bachelet.
"Bachelet's daughter has a school pass,
although it's not given to many people
because their parents have earnings above a
certain threshold," he wrote.
The data breach has been front page news in
Chile, where it was first reported Sunday by
the newspaper El Mercurio.
Data for 6,000
UCSF patients gets exposed online
03 May 08 03:59 PM
Personal data for more than 6,000 UCSF
patients was exposed online for more than
three months last year, according to
the
San Francisco
Chronicle.
The news is troubling on multiple levels.
First off, it poses the risk that sensitive
health information could be used against
those patients by employers, health insurers,
and others. It also could have allowed
fraudsters to use the data to commit medical
identity theft and get medical treatment and
drugs without paying.
Also,
while it's unclear exactly how the data
breach happened, it's fairly clear that it
arose after the hospital shared the data with
a third party, Target America, hired to go
through the patient database and find people
to solicit donations from.
And finally, it took the hospital nearly six
months to notify the 6,313 affected patients
about the privacy invasion.
After Web
defacement, university warns of data
breach
30 April 08 12:33 PM
Two weeks after discovering that its Web site
had been used by hackers to flog fancy
wedding rings, Southern Connecticut State
University is notifying 11,000 current and
former students that their Social Security
numbers may have been compromised.
The personal data was in a file on the
university's Web server, which was accessed
by criminals who were using the university's
site as part of a spam operation, said
Patrick Dilger,
the university's director of public affairs.
"The hackers were using our Web server as a
host for their own Web site," he said.
Pages on the university's site contained ads
for diamond rings, Viagra and Cialis. After
noticing the ads on April 9, IT staff
discovered the file containing the sensitive
information. "When we were doing the security
review after the hacker incident, we saw this
file there and it wasn't properly secured, so
it could have been targeted by someone,"
Dilger said.
The university believes that the hackers came
from outside the U.S., and it is working with
the Connecticut attorney general's office to
investigate, Dilger said.
The file on the Web server contained names,
addresses and Social Security numbers of
students who had registered to graduate from
the school, dating back to 2002.
Dream job at
Microsoft turns out to be too good to be
true
30 April 08 12:26 PM
A New York man faces up to four years in prison
after pleading guilty last week to posting
fake job ads
for technology companies
such as
Microsoft,
Yahoo
and
PayPal.
The poorly written ads sounded too good to be
true. "Microsoft Corporation is now seeking
for [sic] bright jobseekers who think big and
dream big to fill out many open positions."
Applicants could work flexible hours from
home and earn between $15 and $27.50 per hour
working on administrative, customer service
and sales jobs.
Victims who responded were asked to send
personal information such as their date of
birth and Social Security number. The scammer
would then use the information for ID theft
or sell it to other criminals, said
Aaron Kornblum,
a senior attorney with Microsoft's Internet
Safety Enforcement division. The man even
asked for detailed banking information, an
unheard-of request in legitimate job
applications.
CNN site hit by
China attack
24 April 08 10:45 AM
After being called off Friday, the on-again,
off-again cyberattack against
CNN's
Web site again picked up steam early this
week, according to network security analysts.
At its peak, the attack has sucked up 100MB/s
in bandwidth, enough to slow the news Web
site for some visitors. "That's a
decent-sized attack," said
Jose Nazario,
a senior security engineer at Arbor Networks
Inc. "Globally speaking, it's probably
garden-variety."
Organizers calling themselves "Revenge of the
Flame" had originally called for the attack
to be launched on April 19. But they soon
called off their efforts with one organizer,
CN-Magistrate, saying that "too many people
are aware of it, and the situation is
chaotic."
CN-Magistrate soon
disbanded
his Web site devoted to these attacks and
dropped out of public view.
Hackers had launched some low-intensity
attacks against CNN ahead of the April 19
deadline, but on Sunday, another group
calling itself HackCNN picked up the attack.
CNN visitors experienced a noticeable
slowdown during the early hours of Sunday and
Monday, researchers said.
This group also managed to
deface
a Sports Network Web site
(sports.si.cnn.com), replacing sports scores
with slogans such as "Tibet was, is and
always will be a part of China!"
Hannaford to spend
'millions' on IT security upgrades after
breach
24 April 08 10:44 AM
Executives at
Hannaford Bros. Co.
said today that the grocer expects to spend
"millions" of dollars on IT security upgrades
in the wake of the recent
network intrusion
that resulted in the theft of up to 4.2
million credit and debit card numbers from
its systems.
The planned upgrades include the installation
of new intrusion-prevention systems that will
monitor activities on Hannaford's network and
the individual systems at its stores, plus
the deployment of PIN pad devices featuring
Triple DES encryption support in store
checkout aisles.
Hacker redirects
Obama's Web site to Clinton's
22 April 08 10:18 AM
Someone exploited a weakness in Democratic
presidential hopeful
Barack
Obama's Web site
and redirected visitors to rival
Hillary
Clinton's site
over the weekend, according to a posting on
the
blog of security firm
NetCraft.
Basically, visitors to the
community blogs section
of Obama's site on Saturday night were sent
to Clinton's site. Someone using the alias
"Mox" and purporting to be from Liverpool,
Ill.,
claimed credit for the hack
on Obama's site late on Sunday.
The writer downplayed the act, saying: "All I
did was exploit some poorly written HTML
code." The hack was possible because of a
cross-site scripting vulnerability, a common
hole in Web sites.
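The cross-site scripting hole mentioned above is, in the usual case, a page that writes visitor-supplied text (a blog comment, say) into its HTML without escaping it, so the visitor's browser treats that text as markup. As an added illustration that is not code from the article or from the campaign site, the following JavaScript renders a comment both ways and checks which version lets the comment introduce elements the page template never contained; the template, function names and sample comment are constructed for the example.

```javascript
// Added example, not from the article or from the site it describes.
// Shows the class of flaw behind a cross-site scripting hole (untrusted
// text interpolated straight into HTML) next to the fix (escaping the
// HTML metacharacters on output so the same text is displayed literally).

const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Escape a string for use in HTML element content or quoted attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable renderer: untrusted strings interpolated straight into markup.
function renderCommentUnsafe(author, body) {
  return `<li class="comment"><b>${author}</b>: ${body}</li>`;
}

// Hardened renderer: every untrusted value is escaped on output.
function renderCommentSafe(author, body) {
  return `<li class="comment"><b>${escapeHtml(author)}</b>: ${escapeHtml(body)}</li>`;
}

// Tag names present in a rendered fragment, in document order. Used here
// to detect whether a comment managed to add elements of its own.
function tagsIn(html) {
  const names = [];
  const re = /<\/?([a-zA-Z][\w-]*)/g;
  let m;
  while ((m = re.exec(html)) !== null) {
    names.push(m[1].toLowerCase());
  }
  return names;
}

// The only elements the comment template itself emits.
const TEMPLATE_TAGS = new Set(["li", "b"]);

// True when the rendered HTML contains nothing but the template's elements,
// i.e. the comment was rendered as inert text.
function rendersAsText(html) {
  return tagsIn(html).every((name) => TEMPLATE_TAGS.has(name));
}

// Constructed sample: a comment whose author and body are markup, not prose.
const SAMPLE_AUTHOR = "guest <i>(visitor)</i>";
const SAMPLE_BODY = '<script>document.title = "injected"</script> hello';

function demo() {
  const unsafe = renderCommentUnsafe(SAMPLE_AUTHOR, SAMPLE_BODY);
  const safe = renderCommentSafe(SAMPLE_AUTHOR, SAMPLE_BODY);
  return {
    unsafe,
    safe,
    unsafeIsText: rendersAsText(unsafe), // false: i and script elements leaked in
    safeIsText: rendersAsText(safe), // true: the comment stays literal text
  };
}

console.log(demo());
```

Run it with node: the escaped output is what a browser would display as literal text, and that escaping step is what an output-encoding fix for this kind of hole amounts to. Note that escaping is context-dependent; `escapeHtml` above is correct for element content and quoted attribute values, not for URLs, inline scripts or CSS, which need their own encoders.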
A YouTube user named "Zennie62" posted
a
video
clip
showing him being redirected from Obama's
site to Clinton's.
The redirect has been fixed, but "Mox" says
similar vulnerabilities remain on the site.
Heart device found
vulnerable to hacker attacks
18 March 08 09:38 AM
The
threat seems largely theoretical. But a team
of computer security researchers plans to
report Wednesday that it had been able
to
gain wireless access to a combination heart
defibrillator and
pacemaker.
They were able to reprogram it to shut down
and to deliver jolts of electricity that
would potentially be fatal--if the device had
been in a person. In this case, the
researchers were hacking into a device in a
laboratory.
The researchers said they had also been able
to glean personal patient data by
eavesdropping on signals from the tiny
wireless radio that Medtronic, the device's
maker, had embedded in the implant as a way
to let doctors monitor and adjust it without
surgery.
Credit card data
stolen from supermarket chain
18 March 08 08:26 AM
A computer hacker stole thousands of credit
card numbers after breaching security at two
U.S. grocery store chains owned by
Belgium-based Delhaize Group SA, the
companies said on Monday.
Nearly 2,000 cases of fraud have been linked
to the breach, but no personal information
such as names or addresses was accessed when
the hacker broke into the Hannaford Bros.
stores in Massachusetts, New England and New
York, and Sweetbay customers in Florida,
Hannaford said in a statement.
Boston's WBZ radio said 4.2 million credit
and debit card numbers were stolen. Company
officials were not immediately available to
confirm the number of stolen card
numbers.
Laptop with 200
children's health records stolen
06 March 08 10:33 PM
A laptop containing personal details of more
than 200 children has been stolen from a
Shropshire medical center.
Telford and Wrekin Primary Care Trust (PCT)
confirmed a laptop was stolen from the
Madeley Health Centre, while one of its
language therapists was running a clinic and
had left the laptop in an adjacent room.
It has since been disconnected from the NHS
network to ensure no access to data, but a
memory stick with 238 patients' details is
still missing. These records include patient
names, dates of birth, and addresses as well
as the details of their speech and language
therapy treatment.
Simon Conolly, Telford & Wrekin PCT chief
executive said in a statement that the laptop
had been fitted with encryption software to
comply with the high NHS security standards.
"The equipment was also fitted with
sophisticated tracking equipment and the
police were informed immediately."
The PCT said it informed patients of the
breach as soon as the theft was reported, and
the trust is undergoing a thorough
investigation.
Conolly said: "All staff are given strict
instructions about all aspects of security on
patient records, for example not to leave
laptops in cars. It is extremely unfortunate
that the equipment has been stolen from the
NHS clinic while the therapist was working
there. A thorough internal investigation is
being carried out and if there are lessons to
be learnt from this incident, the PCT will
ensure that security measures are
reinforced."
Storm worm 'making
millions a day'
11 February 08 09:41 AM
The
people behind the Storm worm are making
millions of pounds a day by using it to
generate revenue, according to IBM’s
principal web security strategist.
Joshua Corman, of IBM Internet Security
Systems, said that in the past it had been
assumed that web security attacks were
essentially ego-driven. But now attackers fall
into three camps.
‘I call them my three Ps, profit, politics
and prestige,’ he said during a debate at a
NetEvents forum in Barcelona.
The Storm worm, which had been around about a
year, had been a tremendous financial success
because it created a botnet of compromised
machines that could be used to launch
profitable spam attacks.
Not only do the criminals get money simply
for sending out the spam in much more
quantity than could be sent by a single
machine but they get a cut of any business
done off the spam.
The weak point in this case was the end user
who visits a compromised site or who falls
for a trick of social engineering.
Greece arrests man
suspected of major data hacks
30 January 08 10:52 PM
Greek police said on Friday they have
arrested a man suspected of selling corporate
secrets from France's Dassault Group,
including data on weapons systems.
"This 58-year-old mathematician was wanted
since 2002 after Dassault contacted Greek
authorities," a police official, speaking on
condition of anonymity, told Reuters.
"He is responsible for causing damages in
excess of $361 million to the company and he
has sold this corporate data, including
information on weapons systems, to about 250
buyers through the Internet," the official
said.
Police suspect the man of selling the data to
buyers in Germany, Italy, France, South
Africa, Brazil, as well as countries in Asia
and the Balkans.
"The man hacked into the company's computer
system and got possession of the data," the
official said.
Police officers accompanied by computer
experts raided the central Athens apartment
the man was renting under an assumed name and
said he was very competent in covering up his
electronic footprints.
"He is one of the world's best hackers, using
the nickname ASTRA, but we are also looking
for an accomplice in the United Kingdom who
helped him locate buyers online," the
official said.
Employee's silent
rampage wipes out $2.5m worth of data
26 January 08 05:18 PM
A Florida woman who believed she was about to
get fired has been accused of deleting $2.5m
worth of computer files to seek revenge on
her employer.
Jacksonville Sheriff's officials say Marie
Lupe Cooley, 41, used her own account
credentials to access the server of Steven E.
Hutchins Architects and delete seven years'
worth of drawings. The firm's alarm company
said someone entered the premises at 11 p.m.
on Sunday and was there for about four hours.
Cooley went on her silent rampage after
finding a help-wanted ad placed by her boss.
It described an open administrative assistant
position that sounded remarkably similar to
hers.
"She decided to go and mess up everything for
everybody," a spokesman for the sheriff's
office told FirstCoast News here. "She
decided to be spiteful and go in and sabotage
the records. And she did a very good job of
that."
Firm owner Steven Hutchins said he was able
to recover the files. "It was not a
sensationalistic amount of money," he told El
Reg, referring to the fee he paid a
consultant to dredge up the discarded
architectural drawings. He declined to say if
he had stored backups of the files, which
were valued at $2.5m.
Cooley was charged with damage in excess of
$1,000 to computers and was released on bail.
As it turned out, the help-wanted ad listed a
position available in the office of
Hutchins's wife. Cooley's job was never under
threat, though it probably is now.
Jihadi software
promises secure Web contacts
20 January 08 07:07 PM
An Islamist Web site often used by al-Qaida
supporters carried updated encryption
software on Friday that it said would help
Islamic militants communicate with greater
security on the Internet.
The Mujahideen Secrets 2 was promoted as "the
first Islamic program for secure
communications through networks with the
highest technical level of encoding."
The software, available for free on the
password-protected Ekhlaas.org site, which
often carries al-Qaida messages, is a newer
version of Mujahideen Secrets issued in early
2007 by the Global Islamic Media Front, an
al-Qaida-linked Web-based group.
"This special edition of the software was
developed and issued by...Ekhlaas in order to
support the mujahideen (holy war fighters) in
general and the (al-Qaida-linked group)
Islamic State in Iraq in particular," the
site said.
The efficacy of the new Arabic-language
software to ensure secure e-mail and other
communications could not be immediately
gauged. But some security experts had warned
that the wide distribution of its earlier
version among Islamists and Arabic-speaking
hackers could prove significant.
CIA Says Hackers
Have Cut Power Grid
20 January 08 04:50 AM
CIA analyst Tom Donahue disclosed the recently
declassified attacks while offering few
specifics on what actually went wrong.
Criminals have launched online attacks that
disrupted power equipment in several regions
outside of the U.S., he said, without
identifying the countries affected. The goal
of the attacks was extortion, he said.
"We have information, from multiple regions
outside the United States, of cyber
intrusions into utilities, followed by
extortion demands," he said.
GE Money Lost
Backup Tape with 650,000 Card Holders
Information
19 January 08 08:37 PM
A backup tape containing personal information
on 650,000 US customers of J.C. Penney and up
to 100 other retailers, including 150,000
Social Security numbers, was reported missing
by GE Money. GE Money has been trying to
locate the tape since October, but it simply
vanished into thin air inside a storage vault
owned by Iron Mountain. The authorities
believe the missing records have not been
exploited in any way and insist the incident
is a case of a misplaced tape, not an act of
identity theft.
GE Money has offered to pay for 12 months of
credit monitoring for anyone whose Social
Security number was lost, but it has not been
able to identify the other retailers whose
customer information could be involved.
'Hacker Safe' Web
Site Suffers Security Breach
16 January 08 03:43 PM
Even if a Web site displays a seal certifying
that it is hackproof, it may not always be
immune to security breaches.
A case in point is Geeks.com, which on Jan. 4
began notifying an undisclosed number of
customers that their personal and financial
data may have been compromised. The online
technology retailer, whose formal name is
Genica Corp., said in a warning letter that
it discovered the system intrusion on Dec. 5.
The compromised information included names,
street and e-mail addresses, telephone
numbers and Visa credit card numbers, card
expiration dates and three-digit card
verification numbers, according to a copy of
the letter posted on The Consumerist blog.
Geeks.com is a $150 million company
specializing in the sale of excess inventory
and manufacturers' closeouts. Its Web site
says that it is tested on a daily basis by
ScanAlert Inc., which offers a service that
constantly monitors sites for
vulnerabilities.
But ScanAlert spokesman Nigel Ravenhill said
via e-mail last week that the vendor, which
is being acquired by McAfee Inc., had
withdrawn its Hacker Safe certification from
Geeks.com "several times" last year after
finding vulnerabilities in the retailer's
systems. Geeks.com fell out of compliance
last June and again in December, he
said.
Two-thirds of
Oracle DBAs don't apply security patches -
Complexity of task makes admins not want to
bother
16 January 08 03:37 PM
Oracle Corp.
issues dozens of security patches every
quarter, but that doesn't mean database
administrators are necessarily implementing
them.
In fact, a good two-thirds of all Oracle DBAs
appear not to be installing Oracle's security
patches at all, no matter how critical the
vulnerabilities may be, according to survey
results from Sentrigo Inc., a Woburn,
Mass.-based vendor of database security
products.
The results are "surprising, and to be
candid, quite frightening," said Mike
Rothman, president of consulting firm
Security Incite in Atlanta.
Sentrigo polled 305 Oracle database
administrators from 14 Oracle user groups
between August 2007 and January 2008. The
company basically asked the administrators
two questions: whether they had installed the
latest Oracle patches, and whether they had
ever installed any of Oracle's security
updates.
There are two major reasons for the trend,
Markovich said. The first and most important
is that most DBAs fear the consequences of
installing a patch on a running database, he
said.
"To apply the CPU, you need to change the
binaries of the database," he said. "You
change the database behavior in some ways
that may affect application performance," he
said. So applying security patches to a
database typically involves testing them
against the applications that feed off the
database, he said. "This is a very long and
very hard process to do, especially if you
are in enterprises with a large number of
databases and applications," he said.
Applying these patches means months of labor
and sometimes significant downtime, both of
which most companies can't afford, he
said.
Another new Trojan
intercepts online banking information
16 January 08 03:35 PM
A new Trojan program is targeting unwitting
users' bank data by intercepting account
information before it is encrypted and
sending it to an attacker's central database.
The Trojan, dubbed Trojan.Silentbanker by
security software company Symantec,
can intercept online banking transactions
that normally are well guarded by two-factor
authentication procedures. During a banking
transaction, Silentbanker will change the
user's bank account details over to the
attacker's account, all the while mimicking
what the user would expect to see from a
typical banking transaction. Because users
have no idea their account data has been
changed, they then unknowingly send money to
the attacker's account after entering their
second authentication password.
Although the Trojan.Silentbanker is listed
by Symantec as having a low level of
distribution and being easy to remove from
infected machines, Symantec security response
team member Liam O'Murchu says it still poses
a danger because of its ability to work
without users detecting it.
"The scale and sophistication of this
emerging banking Trojan is worrying, even for
someone who sees banking Trojans on a daily
basis," writes O'Murchu on Symantec's
security response blog. "This Trojan
downloads a configuration
file that contains the domain names of over
400 banks. Not only are the usual large
American banks targeted but banks in many
other countries are also targeted, including
France, Spain, Ireland, the UK, Finland,
Turkey -- the list goes on."
Sears sued over
privacy breach
09 January 08 08:18 PM
Sears Holdings Corp. is facing a class-action
lawsuit after making the purchase history of
its customers public on its Managemyhome.com
Web site.
The lawsuit seeks damages as well as an
accounting by Sears to determine whether the
Web site was misused by criminals. It was
filed on Friday by New Jersey resident
Christine Desantis, who is represented by
KamberEdelson LLC, a technology law firm.
KamberEdelson is best known for its recent
settlement with social networking site
Facebook Inc.
over its sending of unwanted text messages to
recycled cell-phone numbers.
"It's a pretty simple case," said Jay
Edelson, a partner at the Chicago-based law
firm. "Sears decided to put private
information of its customers up on the Web
site and make it publicly available. They did
it without telling their customers that it
was going to happen ... and they really did
it for their own financial reasons."
New rootkit hides
in hard drive's boot record
09 January 08 08:16 PM
A rootkit that hides from Windows on the hard
drive's boot sector is infecting PCs,
security researchers said today. Once
installed, the cloaking software is
undetectable by most current anti-virus
programs.
The rootkit overwrites the hard drive's
master boot record (MBR), the first sector --
sector 0 -- where code is stored to bootstrap
the operating system after the computer's
BIOS does its startup checks. Because it
hides on the MBR, the rootkit is effectively
invisible to the OS and security software
installed on that OS.
"A traditional rootkit installs as a driver,
just as when you install any hardware or
software," said Oliver Friedrichs, director
of Symantec Corp.'s security response team.
"Those drivers are
loaded at or after the boot process. But this
new rootkit installs itself before the
operating system loads. It starts executing
before the main operating system has a chance
to execute." Control the MBR, Friedrichs
continued, and you control the operating
system, and thus the computer.
"That gives it unprecedented access to the
computer," Friedrichs said. "It's able to
hide in a manner that a traditional rootkit
never can."
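One defender-side way to act on Friedrichs's description, as an added example that is not part of the original article or Symantec's tooling: record a hash of sector 0's code region while the machine is known clean and compare later reads against it. The MBR layout used here (440 bytes of boot code, a 6-byte disk signature area, four 16-byte partition entries, the 0x55AA signature) is the standard one; the boot-code bytes and the partition entry are constructed for the example.

```python
"""Baseline-and-compare integrity check for a 512-byte master boot record.

Added example, not code from the original article. All MBR bytes here are
constructed (synthetic), not taken from any real disk or malware sample.
The idea: record a SHA-256 of the boot-code region (bytes 0..439) when the
machine is known clean, then re-read sector 0 later and compare. An MBR
rootkit must rewrite that code region but keeps the partition table intact
so the system still boots, which is exactly the pattern flagged below.
"""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440            # bytes 0..439 hold the bootstrap code
PART_TABLE_OFFSET = 446        # four 16-byte partition entries
PART_ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sectors
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511

# Constructed stand-ins for boot code; a real loader fills most of 440 bytes.
CLEAN_BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 32
TAMPERED_BOOT_CODE = b"\xfa\x33\xc0\xe9\x10\x01" + b"\x90" * 32


def make_constructed_mbr(boot_code: bytes) -> bytes:
    """Assemble a synthetic MBR: boot code, disk signature, one NTFS partition, 0x55AA."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long for the MBR code region")
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    disk_sig = b"\x12\x34\x56\x78" + b"\x00\x00"   # 4-byte signature + 2 reserved
    # Status 0x80 = bootable, type 0x07 = NTFS, start LBA 2048, 204800 sectors.
    entry = struct.pack(PART_ENTRY_FMT, 0x80, b"\x00\x01\x00", 0x07,
                        b"\xfe\xff\xff", 2048, 204800)
    table = entry + b"\x00" * (16 * 3)              # three unused entries
    return code + disk_sig + table + BOOT_SIGNATURE


def parse_mbr(mbr: bytes) -> dict:
    """Validate the boot signature, hash the code region, decode the partition table."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack(
            PART_ENTRY_FMT, mbr[off:off + 16])
        if ptype != 0:   # type 0 marks an unused entry
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def check_mbr(mbr: bytes, baseline_sha256: str) -> list:
    """Return a list of findings; an empty list means the MBR matches the baseline."""
    info = parse_mbr(mbr)
    findings = []
    if info["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code differs from baseline")
    if not any(p["bootable"] for p in info["partitions"]):
        findings.append("no bootable partition entry")
    return findings


if __name__ == "__main__":
    clean = make_constructed_mbr(CLEAN_BOOT_CODE)
    baseline = parse_mbr(clean)["boot_code_sha256"]
    tampered = make_constructed_mbr(TAMPERED_BOOT_CODE)
    print("clean   :", check_mbr(clean, baseline))      # []
    print("tampered:", check_mbr(tampered, baseline))   # ['boot code differs from baseline']
    # The partition table is identical in both, so the disk still boots normally.
    print("same partition table:",
          parse_mbr(clean)["partitions"] == parse_mbr(tampered)["partitions"])
```

Because a rootkit that already controls the boot path can filter disk reads, take both the baseline and the later reads of sector 0 from a boot medium you trust rather than from inside the installed OS.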
Hackers Launch
Major Attack on US Military Labs
09 December 07 12:17 AM
Hackers have succeeded in breaking into the computer
systems of two of the U.S.' most important
science labs, the Oak Ridge National
Laboratory and Los Alamos National
Laboratory.
Hackers have succeeded in breaking into the
computer systems of two of the U.S.' most
important science labs, the Oak Ridge
National Laboratory (ORNL) in Tennessee and
Los Alamos National Laboratory in New Mexico.
In what a spokesperson for the Oak Ridge
facility described as a "sophisticated cyber
attack," it appears that intruders accessed a
database of visitors to the Tennessee lab
between 1990 and 2004, which included their
social security numbers and dates of birth.
Three thousand researchers reportedly visit
the lab each year, a who's who of the science
establishment in the U.S.
The attack was described as being conducted
through several waves of phishing emails with
malicious attachments, starting on Oct. 29.
Although not stated, these would presumably
have launched Trojans if opened, designed to
bypass security systems from within, which
raises the likelihood that the attacks were
targeted specifically at the lab.
Hackers Cracked
Charities’ Addresses and Passwords
27 November 07 05:01 PM
Hackers obtained access last month to the
e-mail addresses and
passwords of thousands of donors to 92
charities that use online database software
and services from Convio Inc.
Among the charities are CARE and the
American Museum of Natural
History.
There is no evidence that anyone has used the
information to engage in fraud, but several
charities have notified donors of the breach
and advised them to consider changing
passwords if they use the same password for
other purposes. Convio, of Austin, Tex.,
which works primarily with charities,
discovered the breach on Nov. 1 and told
clients about it two days later, said Tad
Druart, a spokesman.
About a week later, the company notified an
additional 62 nonprofit groups that similar
information about their donors might have
been compromised, although there was no
evidence that it had been downloaded, Mr.
Druart said.
He said the problem affected only users of
GetActive, a business that was acquired by
Convio almost a year ago.
“The investigation is continuing,” Mr. Druart
said.
News of the breach was reported as the
year-end giving season starts. A growing
number of donors use the Internet to make
their gifts, and experts said some charities
might have been reluctant to inform them
about the breach out of fear that it would
affect donations.
“This wasn’t the best time for this to
happen,” said Beth Kanter, a consultant and
blogger. “It’s a matter of donor stewardship,
and while it’s not an emergency, you need to
treat it as if it was one.”
UK bank data of
millions missing
21 November 07 10:45 AM
Paul Gray, the Revenue and Customs chairman,
has resigned over the error, which happened
when officials sent the disks to a government
audit office.
Treasury chief Alistair Darling said the
delivery was not being tracked and was
missing for three weeks before any alarm was
raised.
The disks contained details on 7.25 million
families in Britain claiming child benefit --
a tax-free monthly payment available to
everyone with children. The figure represents
almost half the families in Britain, and the
majority of the country's children. Britain's
population is about 60 million.
The information on the disks included the
names of parents and children, their
addresses, dates of birth, national insurance
numbers and banking details.
Britain's tax and customs service lost
banking and personal data of 25 million
people -- nearly half the country's
population -- when two computer disks
disappeared in an internal mail service, the
Treasury chief said Tuesday.
White House
ordered to back up e-mail
14 November 07 03:24 AM
Why is it taking White House officials so
long to restore millions of deleted e-mails
from the backup tapes they claim to have?
The e-mails in question date from March 2003
to October 2005 -- a crucial period that
includes the Iraq invasion, a presidential
election and Hurricane Katrina.
White House officials have known for more
than two years that the messages were deleted
-- a clear violation of presidential
records-preservation statutes. But the
president's aides won't explain what
happened, what sort of backups they have and
what they're doing about it.
That obstinacy led a federal judge to step in
yesterday and order the White House to
preserve every bit of related data in its
possession -- just to make sure nothing
untoward happens while a civil suit by two
open-government groups goes forward.
Russian hacker
gang goes dark to relocate; may be moving to
China
08 November 07 12:20 PM
The Russian Business Network (RBN), a
notorious hacker and malware hosting
organization that operates out of St.
Petersburg, Russia, has gone off the air,
security researchers said today.
According to a pair of Trend Micro Inc.
researchers, RBN went dark around 10 p.m. EST
Tuesday. "The routing information for their
IP addresses has been withdrawn," said Paul
Ferguson, a network architect at Trend Micro.
"That's significant because while RBN has had
connectivity issues in the past, then the
routing [to its IP addresses] was still being
advertised. This time, they've been
voluntarily withdrawn.
"This is not the result of someone, such as
their ISP, blackholing their traffic,"
Ferguson continued. "This was done
voluntarily." Another report, however,
on The Washington Post's Web site, claimed
that while RBN has severed
links to the Internet, its upstream
connectivity providers had begun to refuse to
route RBN traffic as early as mid-October.
By relinquishing control of the IP blocks it
had been allocated, RBN essentially cut ties
to the Internet and made it impossible for
its domains -- which number in the thousands
-- to access the Web or for users to reach
those domains. "Where once there might have
been 22 feasible paths for data to take to
their IP blocks, now there are none,"
Ferguson said.
High resolution
image hints at 'Mona Lisa's' eyebrows
19 October 07 01:29 AM
The "Mona Lisa" has long been shrouded in
mystery, including one long-standing question
about the famous lady: What happened to her
eyebrows and eyelashes?
Now, a French engineer and inventor says he's
uncovered part of the enigma. Pascal Cotte
announced at a press conference Wednesday
that he has found definitive proof that when
Leonardo da Vinci painted the original
portrait he included "Mona Lisa's" lashes and
brows. Cotte examined the world's most famous
painting using a high-definition camera of
his own design.
The device scanned a 240-million pixel image
using 13 light spectrums, including
ultra-violet and infrared. The resulting
ultra-high resolution photograph of 150,000
dots per inch yielded a reproduction of the
"Mona Lisa's" face magnified 24 times. And
there Cotte found the evidence he sought -- a
single brushstroke of a single hair above the
left brow. "One day I say, if I can find only
one hair, only one hair of the eyebrow, I
will have definitively the proof that
originally he had painted eyelash and
eyebrow," said Cotte.
So, if she once had lashes, where did they
go? Possibly faded pigment, Cotte suggested,
or possibly a poor attempt to clean the
painting. "And if you look closely at the eye
of 'Mona Lisa' you can clearly see that the
cracks around the eye have slightly
disappeared, and that may be explained that
one day a curator or restorer cleaned the
eye, and cleaning the eye, removed, probably
removed the eyelashes and eyebrow," he said.
Cotte's high resolution camera led him to
numerous additional discoveries about the
enigmatic artwork. The infrared layer of the
image shows that the fingers of the "Mona
Lisa's" left hand were originally painted in
a slightly different position than in the
final portrait.
Stolen Home Depot
laptop exposes employee data
19 October 07 01:17 AM
A laptop containing personal data on about
10,000 Home Depot employees was stolen from
the car of a regional manager, Home Depot
announced Wednesday.
The laptop was stolen several weeks ago from
the car of the regional manager in
Massachusetts while it was parked in front of
his home, according to Home Depot.
"The Home Depot takes data security seriously
and works very diligently to protect its
customers' and associates' privacy," said
Sarah Molinari, corporate communications
manager for Home Depot. "We continually work
to upgrade and improve our data security and
privacy systems."
While the password-protected computer
contained no customer information, the names,
addresses and Social Security numbers of the
Home Depot employees may have been
compromised. Home Depot is providing free
credit-monitoring services to the exposed
employees as a result.
Criminals Google
'How To Open Safe' In Middle Of Burglary
08 October 07 08:03 AM
A couple of burglars were stymied when they
tried to crack a safe, so they found a
computer that had been left on and simply
Googled for the information they needed to
make off with $12,000 worth of loot.
Need a little help cracking a safe and making
off with $12,000 worth of money and computer
equipment? Just Google it.
That's what two men did in a Colorado
Springs, Colo., burglary.
The burglars, who have yet to be caught,
broke into Bigg City, a large amusement
center, at 2:45 a.m. on June 11, according to
Sgt. Dale Fox of the Colorado Springs Police
Department. Despite making off with cash, a
laptop, and a PlayStation 3 game console
worth a total
of $12,000, these weren't a couple of
brilliant thieves.
Even though they had the pass code needed to
get into the company's main office and the
combination to the safe, the two men still
couldn't open it up. "It's more involved than
a combination on a school locker," said Fox.
"It's not rocket science, but it's more
involved." Stymied as to what to do next, the
men found a computer that had been left on in
the office and simply Googled for information
on how to break into the safe.
They found what they needed, opened it up,
and made off with the loot.
Fired worker
blames porn on malware
04 October 07 11:26 PM
What:
Hospital respiratory therapist files lawsuit
against hospital for unlawful termination,
blaming malicious software for bookmarking
pornographic Web sites.
When:
U.S. District Judge Sarah Evans Barker rules
on September 26.
Outcome:
Hospital wins motion to dismiss.
What happened, according to court documents
and other sources: David
Farr was once employed as a respiratory
therapist at St. Francis Hospital in
Indianapolis, Ind. He started there in
October 2000 and was the only male
respiratory therapist.
All of the seven respiratory therapists share
a small office divided into individual
cubicles with one computer in the center of
the room. Each therapist is assigned a
password, though it's unclear whether logs
are kept of each user's individual
activities.
In July 2005, Farr's supervisor informed him
he was suspended from work because
pornographic entries were found in his
"Favorites" file, apparently a reference to
Web sites bookmarked. Farr denied being
responsible and said he was rebuffed when he
asked for details about the allegations.
Farr was fired in August 2005. An e-mail
message from the hospital's lawyer at the
time claims to "have evidence that provides
us with reasonable belief that he was
accessing pornographic Web sites on his work
computer."
After losing his job, Farr went through the
formal grievance process listed in the
hospital handbook and met with no success. He
filed a lawsuit after the grievance committee
upheld his termination in December 2005.
What makes this case relevant to Police
Blotter is that Farr claims that "St. Francis
failed to install and update effective
antivirus protection on its computers" and
that any pornographic bookmarks were inserted
by malicious software. He also claims that
antivirus software was required by Health
Insurance Portability and Accountability Act.
Farr even retained a computer forensics
specialist who concluded: "No one had
intentionally loaded the list of Web sites on
the computer. Rather, the list was placed on
the respiratory therapists' computer by a
common and well-known Internet virus that
promotes fee-generating pornographic
sites."
Ready to blow the
whistle on a cybercrime? Who ya gonna
call?
04 October 07 12:37 PM
You stumble across evidence of a computer
crime, something you believe is clearly and
unequivocally against the law. Your first
step is to report the crime to your employer.
But as Computerworld has reported, it isn't
always so simple.
Maybe your employer doesn't know how to
handle the situation you've uncovered, maybe
your superiors don't believe you, or, worse
yet, maybe they're choosing to ignore the
problem. (It's hard not to be haunted by the
case of the network security analyst fired
from Sandia National Laboratories for
independently pursuing a network security
breach at the company.)
If your conscience wins the ethical debate
over whether to report the suspected crime to
law enforcement, you'll face another hurdle:
finding a law enforcement agency that will
listen.
With the possible exception (we hope) of a
threat to homeland security, efforts to
report cybercrime can become mired in a
complex web of overlapping jurisdictions or
might even be totally ignored.
Asked where citizens should report various
cybercrimes, FBI spokeswoman Cathy Milhoan
could not offer definitive guidance. "The
lines are still blurry," she acknowledges.
Who you call depends on many factors,
including how much money is involved, the
media used (Internet? U.S. mail? Telephone?)
and whether the criminal activity originated
domestically or overseas.
Local?
State? Federal?
Beyond that, Milhoan declined to give
specific guidance for fear of stepping on
other agencies' toes. "I don't want the
message to come across that everybody should
report their crimes to the FBI, because a lot
of state and locals, as well as other
government agencies, have their own
cyberteams," she says.
Milhoan ticks off a bewildering list of Web
sites and agencies. For civil actions, the
Federal Trade Commission might be involved.
If it touches the U.S. mail, the U.S. Postal
Inspector might want to hear about it.
Even experts like Chuck Martell, managing
director of investigative services at Veritas
Global, sometimes struggle with where they
should turn.
Martell is currently handling a case in which
a former IT employee gained access to the
corporate network by means of a backdoor.
But the monetary damages are relatively low,
only $30,000, so the U.S. Attorney's Office
won't take the case.
"We're literally having a problem finding a
law enforcement agency that's interested,"
Martell says. "We've talked with the FBI,
with the state police, with the local police
department, trying to get someone to take
this case."
Martell has a suggestion that might at first
seem counterintuitive: Make your first call
to a major law firm. It will likely be able
to either advise you or refer you to a
private investigator who can tackle the task
of figuring out where to report the crime and
advise you on what to do.
Investigative firms can also immediately send
in forensic specialists, a critical step to
prosecuting these cases, Martell stresses. "I
can't tell you how many cases [we've had in
which] the IT people have attempted to
preserve things or try to see what's there,
and they polluted the evidence by doing
that."
Motivational
speaker sentenced for child porn
04 October 07 12:31 PM
Technicians servicing Fortino's laptop
alerted police to what they found
A motivational speaker who took his laptop
computer to a Best Buy store for service has
been sentenced to 11
years and three months in prison for
transporting child pornography, the U.S.
Department of Justice announced today.
The case was brought as part of Project Safe
Childhood,
a nationwide initiative designed to protect
children from online exploitation and abuse.
The project uses federal, state and local
resources to locate and prosecute individuals
who exploit children through the Internet.
Michael Fortino, 47, was a nationally
recognized motivational speaker and founder
of The Center for Lifestyle Management before
his arrest in November 2005.
Fortino, of Pittsburgh, pleaded guilty in
February in U.S. District Court for the
Western District of Arkansas to one count of
transporting child pornography across state
lines.
Fortino frequently traveled across the
country as a self-employed author, speaker
and media personality, often bringing his
laptop with him, according to the DOJ.
He took his laptop to a Fayetteville, Ark.,
Best Buy store in November 2005 after it was
not working properly, the DOJ said.
Best Buy computer technicians discovered
several images of what they believed to be
child pornography and alerted local police. A
forensic review of Fortino's computer by the
Fayetteville Police Department found that he
had visited Web sites containing child
pornography on multiple occasions and often
saved images from those sites to his
computer, the DOJ said. Police found hundreds
of child pornography images on the laptop, as
well as several video files from a hidden
video camera Fortino had placed in a bedroom
on his personal boat, the DOJ said.
The videos depicted children between the ages
of 11 and 13 changing clothes and exposing
their genitals in the process.
During sentencing yesterday, Judge Jimm Larry
Hendren ordered Fortino to pay a $10,000
fine, forfeit computer equipment seized in
the investigation and serve 20 years of
supervised release, in addition to the prison
sentence.
Interview With A
Convicted Hacker: Robert Moore Tells How He
Broke Into Routers And Stole VoIP Services
03 October 07 12:17 AM
On his way to federal prison, the 23-year-old
hacker says breaking into computers at
telecom companies and major corporations was
"so easy a caveman could do it."
Convicted hacker Robert Moore, who is set to
go to federal prison this week, says breaking
into 15
telecommunications companies and hundreds of
businesses worldwide was incredibly easy
because simple IT mistakes left gaping
technical holes.
Moore, 23, of Spokane, Wash., pleaded guilty
to conspiracy to commit computer fraud and is
slated to begin his two-year sentence on
Thursday for his part in a scheme to steal
voice over IP services and sell them
through a separate company. While prosecutors
call co-conspirator Edwin Pena the mastermind
of the operation, Moore acted as the hacker,
admittedly scanning and breaking into telecom
companies and other corporations around the
world.
"It's so easy. It's so easy a caveman can do
it," Moore told InformationWeek, laughing. "When
you've got that many computers at your
fingertips, you'd be surprised how many are
insecure."
Moore said what made the hacking job so easy
was that 70% of
all the companies he scanned were insecure,
and 45% to 50% of VoIP providers were
insecure. The biggest insecurity? Default
passwords.
"I'd say 85% of them were misconfigured
routers. They had the default passwords on
them," said Moore. "You would not believe the
number of routers that had 'admin' or
'Cisco0' as passwords on them. We could get
full access to a Cisco box with enabled
access so you can do whatever you want to the
box. ...
Trojan attack
targets top executives
02 October 07 09:36 PM
Top-level employees of publicly listed
companies are being targeted by
cybercriminals using malware-infected RTF
documents disguised as recruitment letters.
Security company MessageLabs reported that
1,100 e-mails containing malware-infected RTF
(rich text file) attachments were recorded
over a 16-hour period this month. Four
separate waves appeared between September 13
and 14, the company said.
"All (the e-mails) were going after
(top-level) management. The e-mails included
the company name in the subject field,
purporting to be a recruitment company. What
it had in the attachment is an executable RTF
file," a MessageLabs representative said.
Similar e-mails were noticed in June, the
representative said.
The e-mail, which contains no body text,
includes a .scr screen-saver dummy file
within an executable RTF file, the
representative said. When recipients attempt
to open the file, a message is displayed
stating: "Microsoft has encountered an error
and had to close." The recipient is then
advised: "To view this, double click on the
message."
Once activated, the RTF file starts a chain
of downloads that establish a secure
connection between the attacker's server and
the infected computer.
Poll: Americans
wrong about computer security
02 October 07 09:32 PM
Most Americans believe their computers are
protected against viruses and spyware, but
scans found that a large number had outdated
or disabled security software, according to a
poll released on Monday.
Fully 87 percent of Americans polled said
they had antivirus software, 73 percent said
they had a firewall and 70 percent said they
had antispyware software, according to the
survey by security software maker McAfee and
the National Cyber Security Alliance.
But when pollsters asked to remotely scan the
respondents' computers, the story turned out
to be very different.
While 94 percent of those polled had
antivirus software, just half had updated it
in the past month, the survey showed.
Eighty-one percent had a firewall protecting
private information, but just 64 percent had
enabled it. And 70 percent said they had
antispyware software, but only 55 percent had
enabled it.
Spyware not only monitors what a computer
user does, but can also install software
without the user's consent and interfere with
the computer in other ways.
Bari Abdul, a McAfee vice president, said
most viruses were not written by
attention-seeking hackers looking to pull a
prank.
"Most of the action has gone to stealing
identity," he said after speaking at a
cybersecurity conference sponsored by the
National Cyber Security Alliance.
Nine percent of those polled reported having
had their identity stolen, he said.
Hackers steal
server log-ins from hosting vendor
22 September 07 09:58 PM
Server hosting vendor Layered Technologies
Inc. admitted this week that hackers broke
into its support database and made off with
as many as 6,000 client records, including
log-in information that could give criminals
access to clients' servers.
The Plano, Texas, company, which operates a
pair of data centers that hold the physical
servers it manages for clients, said the
break-in happened sometime Monday night. "The
Layered Technologies support database was a
target of malicious activity on the evening
of 9/17/2007 that may have involved the
illegal downloading of information such as
names, addresses, phone numbers, e-mail
addresses and server log-in details for
[5,000] to 6,000 of our clients," the firm's
CEO, Todd Abrams, wrote on the company blog
Tuesday.
According to other information posted on the
blog, the database was reached through a
vulnerability in a Web-based application used
by Layered's help desk. After hacking the Web
application, the criminals next accessed the
support database. "This allowed them to then
view tickets and their contents," said
someone identified as Jeremy using the
moniker of "LTADMIN."
"This attack was done using an open protocol
(HTTP), which allowed them to then get into
the database," Jeremy added.
Unix admin pleads
guilty to planting logic bomb at Medco
Health
22 September 07 09:57 PM
A former Unix system administrator at Medco
Health Solutions Inc.'s Fair Lawn, N.J.,
office on Wednesday pleaded guilty in federal
court to attempting to sabotage critical
data, including individual prescription drug
data, on more than 70 servers.
Yung-Hsun Lin, also known as Andy Lin, 51, of
Montville, N.J., is scheduled to be sentenced
on Jan. 8. He faces a maximum sentence of 10
years and a fine of $250,000.
Lin was one of several systems administrators
at Medco who feared they would get laid off
when their company was being spun off from
drug maker Merck & Co. in 2003, according
to a statement released by federal law
enforcement authorities. Apparently angered
by the prospect of losing his job, Lin on
Oct. 2, 2003, created a "logic bomb" by
modifying existing computer code and
inserting new code into Medco's servers.
The bomb was originally set to go off on
April 23, 2004, on Lin's birthday. When it
failed to deploy because of a programming
error, Lin reset the logic bomb to deploy on
April 23, 2005, despite the fact that he had
not been laid off as feared. The bomb was
discovered and neutralized in early January
2005 by a Medco systems administrator who was
investigating a system error.
Had it gone off as scheduled, the malicious
code would have wiped out data stored on 70
servers. Among the databases that would have
been affected was a critical one that
maintained patient-specific drug interaction
information that pharmacists use to determine
whether conflicts exist among an individual's
prescribed drugs. Also affected would have
been information on clinical analyses, rebate
applications, billing, new prescription
call-ins from doctors, coverage determination
applications and employee payroll
data.
TD Ameritrade's 6
million customers hit with security breach
15 September 07 06:50 PM
Online trading company TD Ameritrade
alerted more than 6 million
customers
Friday that a security breach occurred with
its client information database.
The database contained such sensitive
information as clients' names, Social
Security numbers, dates of birth, addresses,
phone numbers and trading activity.
Ameritrade, however, stressed that it has no
evidence that Social Security numbers and
client demographics, such as birth dates and
trading activity information, were retrieved
or used to commit identity theft. The company
also notes that Ameritrade's user log-ins and
passwords were not part of the database.
The discovery was made a couple of weeks ago,
when the online broker, looking into
investment-related spam, found malicious code
on its system. That code allowed a hacker to
access some of the information stored in the
database.
The 8 secrets that
make Apple No. 1 - by Mike Elgan
14 September 07 11:46 PM
China accused of
cyberattacks on New Zealand
14 September 07 12:47 AM
The New Zealand secret service has suggested
the Chinese government was behind attacks on
the country's networks.
New Zealand Prime Minister Helen Clark
yesterday assured reporters that no
classified information had been compromised
but confirmed that she believes that
foreign-government spies were behind the
cyberattack.
While Clark said officials know which
government was behind the attack, she would
not name the country suspected.
"We have very smart people to provide
protection every time an attack is tried.
Obviously, we learn from that," she told
reporters.
FBI planted
spyware on teen's PC to trace bomb threats
13 September 07 10:02 PM
The FBI planted spyware on the computer used
by a Washington state teenager to finger him
as the person behind a rash of bomb threats
e-mailed to his high school, court documents
revealed this week.
The 15-year-old, a former student at
Timberline High School in Lacey, Wash.,
pleaded guilty Monday to making the bomb
threats, as well as to identity theft
charges, according to The Olympian. He was
sentenced to 90 days in juvenile detention
and must pay the school district $8,852 to
cover expenses. The first e-mailed bomb
threat was sent June 4.
In several of the messages, the student
taunted school authorities and police for
their inability to trace the e-mails to him.
"Seeing as how you're too stupid to trace the
e-mail back lets get serious," an e-mail on
June 5 said, according to an unsealed search
warrant application filed with a Seattle
federal court in mid-June. "Stop pretending
to be 'tracing it' because I already told you
it's coming from Italy. That is where trace
will stop, so just stop trying."
Within days, however, the FBI had obtained a
warrant that allowed the agency to infect the
student's computer with a program it called a
Computer & Internet Protocol Address
Verifier (CIPAV). "If a warrant is approved,
a communication will be sent to the computer
being used to administer [the MySpace] user
account 'Timberlinebombinfo,'" said FBI
Special Agent Norman Sanders in the June 12
filing.
Hacker / security
expert charged with massive credit card
theft
13 September 07 07:56 PM
A California man who served jail time for
hacking hundreds of military and government
computers nine years ago was charged
yesterday with new computer crimes: stealing
tens of thousands of credit card accounts by
breaking into bank and card processing
networks.
Max Ray Butler, 35, of San Francisco, a.k.a.
Max Vision, and also known by his online
nicknames of Iceman, Digits and Aphex, was
indicted Tuesday by a federal grand jury in
Pittsburgh on three counts of wire fraud and
two counts of transferring stolen identity
information. Arrested last week in
California, where he remains, Butler could
face up to 40 years in prison and a $1.5
million fine if he is convicted on all five
counts.
According to the indictment, Butler hacked
multiple computer networks of financial
institutions and card processing firms, sold
the account and identity information he stole
from those systems, and even received a
percentage of the money that others made
selling merchandise they'd purchased with the
stolen card numbers. The U.S. Secret Service
ran the investigation into the hacks and
resulting scams, which took place between
June 2005 and September of this year.
Man charged with
impersonating a lawyer to take over domain
names
12 September 07 04:59 PM
He threatened to bring $100k lawsuits against
Web site name owners
A Las Vegas man has agreed to plead guilty to
wire fraud for impersonating an intellectual
property lawyer and threatening to sue owners
of certain Internet domain names.
David Dominic Scali, 28, will be arraigned in
U.S. District Court in Los Angeles on the
charge in the coming weeks.
According to court documents, from June 26,
2006, to July 6, 2006, Scali used an alias to
set up an e-mail account from which he sent
e-mails to various domain name owners
claiming to be an intellectual property
lawyer. Scali threatened to file $100,000
trademark infringement lawsuits against the
owners of the Web site names unless they gave
up their domain name registrations within two
days.
The wire fraud concerned a victim who
surrendered a URL that was similar to
www.citysearch.com. In his plea agreement,
Scali admitted that he intended to obtain the
domain names for his own personal financial
gain.
IT Manager
Convicted of Hacking Ex-Employer
11 September 07 02:42 PM
A former technical services manager at the
Council of Community Clinics in San Diego
faces up to 10 years in prison after being
convicted in federal court of hacking into
the nonprofit organization’s computers and
sabotaging patient data. Jon Paul Oson could
also be fined up to $500,000 at his
sentencing in November, the FBI said. Oson
was arrested in August 2006 on charges of
damaging computers belonging to the
organization, which provides services to 17
health clinics.
Oson accessed the computers two months after
resigning because of what he perceived to be
a negative performance evaluation, the FBI
said. He was accused of deleting software and
data, including bills, appointment schedules,
case histories, diagnoses and treatment
plans.
Indian government
forcing cybercafés to install keyloggers
11 September 07 12:58 PM
The
roughly 500 cybercafés in Mumbai, India, will
soon have police-sanctioned keylogging
software installed on their machines in the
name of fighting terrorism. The software will
track everything entered into web forms, chat
rooms, e-mail, and more, and report it back
to the government. Mumbai police say that
cybercafé owners must agree to the
installation of the software or else they
will lose their licenses.
All cybercafés in Mumbai will need to work
with the police to register the number of
computers available, the types of computers,
and the IP address of each machine. If they
do not follow police orders, the owners of
the cybercafés face stiff fines and
"stringent action" under the Bombay Police
Act.
Ex-IT employee
sues Providence Health for wrongful
termination
09 September 07 02:25 PM
In December 2005, a thief broke into Steven
Shields' car at his Oregon home and walked
off with computer disks and tapes containing
unencrypted personal information on 365,000
patients at Portland's Providence Health
Systems.
The breach was the largest of its kind in
Oregon history and resulted in a class-action
lawsuit against the health care provider and
a nine-month-long investigation by the state
attorney general. That probe ended with a
$95,000 settlement paid out by Providence
Health.
Now, in a new twist in the case, Shields -- a
former IT worker for the health care agency
-- has filed a wrongful termination lawsuit
against Providence Health, claiming he was
fired in February 2006 simply because he
reported the theft to local law enforcement
officials.
The lawsuit, filed at the Multnomah County
Circuit Court on Aug. 28, seeks $1 million in
damages for lost wages and what Shields'
attorney said was the emotional distress
caused by the firing. In addition to anxiety,
depression and humiliation, the firing also
caused anger, lost sleep and skin disorders,
the lawsuit said.
"Steve was a 10-year employee with a good
record," said Kevin Keaney, the attorney
representing Shields in the suit. "Steve was
fired because he made a report on the stolen
media to the sheriff," Keaney said. According
to Keaney, prior to Shields' reporting the
data theft to law enforcement, there was
nothing in his employment history at
Providence to suggest he would be
fired.
China hosts nearly
half of all malware sites
05 September 07 07:27 PM
China is host to almost half of the world's
malware-infected Web sites.
According to a report released Monday by
antivirus company Sophos, China--including
Hong Kong--hosted 44.8 percent of the world's
infected sites in August. The U.S. ranked a
distant second, hosting 20.8 percent of sites
that contain malicious code.
The number of infected Web pages has also
grown.
Sophos said it detected an average of 5,000
new infected pages each day in the month of
August.
The company warned that simply staying clear
of sites hosted in the top three countries of
China, the U.S. and Russia is not an
effective method of avoiding malware.
"Hackers are hijacking Web sites around the
world to make them point to malware on sites
based in China, the U.S. and Russia," Carole
Theriault, Sophos senior security consultant,
said in a statement. Sophos also warned about
a sharp rise in spam pointing people to these
infected sites. Malicious senders, in an
attempt to bypass attachment virus scanners,
are using messages that direct people to Web
sites with malicious code. Computers get
infected when people click on the links in
the e-mail message.
"Most malware writers...are using spam and
the Web to infect users," Theriault said.
"Criminals are hard at work trying to slip
past filters at the corporate gateway." June
saw a spike in spam hosted on Chinese
domains, when the figure rose from almost
zero to 450 spam domains.
Hacked: Email
inboxes of Indian missions in US and China;
NDA, DRDO officials too
05 September 07 01:26 PM
NEW DELHI, AUGUST 30: Taking a dig at cyber
security preparedness levels, a hacker who
claims to be based in Sweden posted online
this evening the passwords of 100 email
accounts of embassies and government offices
across the world, including 13 Indian
accounts containing classified information
and correspondence.
Top of the list of passwords posted on
http://derangedsecurity.com are those giving
access to the email accounts of the Indian
Ambassadors to China, the US, Sweden,
Germany, Italy, Oman and Finland, besides
officials of the National Defence Academy
(NDA) and the Defence Research and
Development Organisation (DRDO).
Other accounts include those of the embassies
of Uzbekistan, Iran, Afghanistan, Pakistan,
Japan, China, UK and Russia.
To check the authenticity, The Indian Express
sent a test mail to the Indian Ambassador in
China on her official email ID and, using the
password posted online, was able to access
it. The email account of the Indian
Ambassador to China contained details of a
visit by Rajya Sabha member Arjun Sengupta to
Beijing earlier this month for an ILO
conference. There was also a transcript of a
meeting this evening which a senior Indian
official had with the Chinese Foreign
Minister.
The hacker's site with the passwords:
http://derangedsecurity.com
China denies its
military hacked Pentagon network
05 September 07 10:47 AM
China today denied allegations that its
military hacked a Pentagon network in June --
the second time in as many weeks that the
country has responded to charges of
sponsoring computer attacks. "Some people are
making wild accusations against China and
wantonly saying the Chinese military attacked
the Pentagon's computer network," Jiang Yu, a
foreign ministry spokeswoman said in Beijing,
according to the state-controlled Xinhua news
service.
"These are totally groundless and also
reflect a Cold War mentality," she
added.
Pfizer confirms
third breach involving employee data since
June
05 September 07 10:43 AM
As many as 34,000 workers may be vulnerable
to ID theft
Pfizer Inc. appears to be having an
especially hard time of late keeping its
employee data secure. The company today
confirmed that as many as 34,000 of its
employees may be at risk of identity theft
after a former employee illegally accessed
and downloaded copies of confidential
information from a Pfizer computer system
without the company's knowledge. The
compromised information included names,
Social Security numbers, dates of birth,
phone numbers and bank and credit card
information. The incident occurred sometime
late last year but was discovered by Pfizer
only on July 10, according to Pfizer
spokeswoman Shreya Prudlo. The company
started notifying individuals of the breach
on Aug. 24 -- more than six weeks after
learning of the incident.
AT&T laptop
theft exposes employee data
02 September 07 07:22 AM
AT&T Inc. and Maryland's Department of the
Environment
have become the latest organizations to find
out firsthand why security analysts for some
time now have advocated the use of encryption
to protect sensitive data on laptops and
other mobile devices.
A laptop containing unencrypted personal data
on current and former employees of the former
AT&T Corp. was stolen recently from the
car of an employee of a professional services
firm doing work for the company. That theft
prompted the company to notify an unspecified
number of individuals about the potential
compromise of their Social Security numbers,
names and other personal details.
A spokesman for AT&T today confirmed the
July 27 incident and said it affected only
people who were employees of AT&T before
it was acquired by SBC Communications Inc. in
2005 and became AT&T Inc. No data
involving employees of SBC, BellSouth or
Cingular was affected, the spokesman said.
According to the spokesman, the stolen laptop
contained information about AT&T Corp.'s
benefits plans and was password-protected. He
did not say whether the person from whom the
laptop was stolen was authorized to carry the
information on the device.
Bank of India site
hacked, serves up 22 exploits
02 September 07 07:19 AM
The Bank of India Web site was hacked
sometime Wednesday night (U.S. time) and
seeded with a wide, wild array of malware
that infected any users running unpatched
browsers, security researchers said today.
Although the bank's site had been scoured of
all malware by Friday morning, it's currently
offline. "This site is under temporary
maintenance and will be available after
09:00 IST on 1.09.07," a prominent message
currently reads.
Researchers at Sunbelt Software Inc. first
posted details of the hack yesterday
afternoon after finding rogue code embedded
in the site's HTML. That code, an injected
IFRAME, silently redirected users to a hacker
server, which pushed 22 different pieces of
malware onto vulnerable PCs. By Sunbelt's
tally, the malware included one worm, three
rootkits, five Trojan downloaders, and
several password stealers. "The biggest issue
is the sheer volume of malware we've had to
analyze," said Alex Eckelberry, Sunbelt's
CEO, in a blog posting yesterday.
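An injected IFRAME of the kind described above is usually easy to spot once you know what to look for: it is sized 0x0 or hidden with CSS, and its src points off-site, often at a bare IP address, so that the victim's browser fetches the exploit page without anything visible changing. The following is an added example, not code from the page, Sunbelt or the bank: a small scanner that a site owner could run over their own pages (or a fetched copy) to flag frames that are hidden, zero-sized or loaded from an IP literal. The page HTML, the host name and the IP addresses are all constructed for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

SITE_HOST = "www.bankofindia.example"   # assumed host of the page being checked

# Tags that never get a closing tag; they must not be pushed on the ancestor stack.
VOID_TAGS = {"area", "base", "br", "col", "embed", "hr", "img", "input",
             "link", "meta", "source", "track", "wbr"}


def _is_hidden(attrs):
    style = (attrs.get("style") or "").replace(" ", "").lower()
    return "display:none" in style or "visibility:hidden" in style


def _dim(value):
    """Parse a width/height attribute ('0', '600', '1px') to an int, else None."""
    try:
        return int(str(value).strip().lower().rstrip("px%"))
    except ValueError:
        return None


class IframeCollector(HTMLParser):
    """Collects every <iframe> together with whether an enclosing element hides it."""

    def __init__(self):
        super().__init__()
        self.stack = []       # one hidden/visible flag per open ancestor element
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "iframe":
            self.iframes.append({"attrs": attrs, "ancestor_hidden": any(self.stack)})
        if tag not in VOID_TAGS:
            self.stack.append(_is_hidden(attrs))

    def handle_endtag(self, tag):
        if tag not in VOID_TAGS and self.stack:
            self.stack.pop()


def suspicious_iframes(html, site_host=SITE_HOST):
    """Return (src, reasons) for frames that are hidden, zero-sized or point at an IP literal."""
    p = IframeCollector()
    p.feed(html)
    p.close()
    hits = []
    for f in p.iframes:
        a, reasons = f["attrs"], []
        src = a.get("src", "")
        host = (urlparse(src).hostname or "").lower()
        if host and host != site_host:
            reasons.append("offsite:" + host)
        if re.fullmatch(r"\d{1,3}(?:\.\d{1,3}){3}", host):
            reasons.append("ip_literal")
        if 0 in (_dim(a.get("width")), _dim(a.get("height"))):
            reasons.append("zero_size")
        if _is_hidden(a) or f["ancestor_hidden"]:
            reasons.append("hidden")
        # An off-site frame on its own is normal (ads, widgets); report it only when
        # it is also concealed or fetched from a raw IP.
        if any(r in ("ip_literal", "zero_size", "hidden") for r in reasons):
            hits.append((src, reasons))
    return hits


# Constructed page, not the real Bank of India HTML: one legitimate same-site frame,
# one zero-size frame pulling from an IP literal, one frame hidden by a parent's CSS.
SAMPLE_HTML = """<html><body>
<h1>Welcome</h1>
<iframe src="/rates/today.html" width="600" height="300"></iframe>
<iframe src="http://192.0.2.77/in.cgi?3" width="0" height="0" frameborder="0"></iframe>
<div style="display: none"><iframe src="http://counter.example/stat.php"></iframe></div>
<br>
</body></html>"""

if __name__ == "__main__":
    for src, why in suspicious_iframes(SAMPLE_HTML):
        print(src, why)
```

Run it against a copy fetched the way a browser would fetch it (same User-Agent, following redirects): injected code is often served only to browsers, and the hosting side is where the fix has to happen anyway, since the frame was written into the bank's own pages.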
Other researchers dug up more information.
According to Roger Thompson, the chief
technology officer of Exploit Prevention Labs
Inc., the bank's site was compromised sometime
between late Wednesday and early Thursday
(U.S. time). How it was hacked, however, is
yet unknown, as is how many bank customers
might have been infected by the attacks. When
contacted Friday, executives and IT
administrators at U.S. offices of Bank of
India were unaware of the hack. Later, after
reaching his colleagues in India, a
U.S.-based spokesman said only: "They are
aware of the problem. Bank IT and security
people are working on this now." He had no
other information on the severity of the
attack or its duration, however.
Personal info on
150,000 job seekers at USAJobs stolen
02 September 07 07:18 AM
The identity thieves who ransacked
Monster.com's database also made off with the
personal information of 146,000 people who
use USAJobs, the federal government's
official job search site, federal officials
said today.
Monster Worldwide Inc. operates the
USAJobs.gov Web site for the Office of
Personnel Management (OPM), the independent
agency that manages the federal civil
service. Like
Monster's commercial sites, USAJobs lets job
seekers post resumes and federal agencies
post job openings. Of the 2 million
subscribers to the federal job site, about
146,000 were affected by the heist engineered
by Infostealer.Monstres, a Trojan horse that
used legitimate log-on credentials stolen
from recruiters to sift through the Monster
database. According to
Monster executives, the Trojan absconded with
the names, addresses, e-mail addresses and
phone numbers of some 1.3 million people.
Although their records were stored in the
Monster databases, some of those people were
USAJobs users. No Social Security numbers
were stolen, the OPM stressed in an alert
posted to USAJobs.
Hacks hit embassy,
government e-mail accounts worldwide
02 September 07 07:14 AM
Usernames and passwords for more than 100
e-mail accounts at embassies and governments
worldwide have been posted online. Using the
information, anyone can access the accounts
that have been compromised. Computer Sweden
has verified the posted information and
spoken to the person who posted them. The
posted information includes names of the
embassies and governments, addresses to
e-mail servers, usernames and passwords.
Among the organizations on the list are the
foreign ministry of Iran, the Kazakh and
Indian embassies in the U.S. and the Russian
embassy in Sweden. Freelance security
consultant Dan Egerstad posted the
information. He spoke openly about the leak
when Computer Sweden contacted him.
"I did an experiment and came across the
information by accident," he said. Egerstad
says he never used the information to log in
to any of the compromised accounts in order
not to break any laws. Computer Sweden
confirmed that the login details for at least
one of the accounts is correct. Egerstad
forwarded an e-mail sent on Aug. 20 by an
employee at the Swedish royal court to the
Russian embassy. The person who sent the
e-mail, in which she declines an invitation
to the Russian embassy, has confirmed that
she sent the e-mail.
"Yes, that is right. We did decline the
invitation. As far as I can remember I did
send the e-mail," she said. Computer Sweden
has not been able to confirm the authenticity
of any of the other information that has been
posted. "When something like this happens you
usually contact people and ask them to fix
it. But in this case it felt too big for
that, calling to other countries," Egerstad
said.
Of the compromised accounts, 10 belong to the
Kazakh embassy in Russia. Around 40 belong to
Uzbeki embassies and consulates around the
world. Login details for e-mail accounts at
the U.K. visa office in Nepal were also
posted. Login details for the foreign
ministry of Iran, the Kazakh and Indian
embassies in the U.S. and the Russian embassy
in Sweden were also posted.
"I hope this makes them take action.
Hopefully, faster than ever before, and I
hope they become a bit more aware of security
issues," Dan Egerstad said. Computer Sweden
has contacted both the Russian and Indian
embassies in Stockholm for comment. The
Russian embassy confirmed the leaks and says
that logins have now been changed. The Indian
embassy declined to confirm the information
and give comment. Computer Sweden has not
published where the login details can be
found. The information in this story has been
verified by Computer Sweden without using any
of the published login details.
Japan military
homes, destroyer raided over data leak
29 August 07 04:22 PM
August 28, 2007
(IDG News Service) -- The homes of several
serving members of Japan's Maritime Self
Defense Force (JMSDF) and a destroyer were
raided as part of an investigation into a
leak of sensitive military data from a
computer, Japan's Kyodo News reported
Tuesday.
Officers from the Kanagawa prefectural police
force and the JMSDF's own criminal
investigations unit are investigating the
leak of information related to the Aegis
missile defense system, the sea-based
Standard Missile-3 interceptor system and the
reconnaissance satellite data exchange Link
16 system.
The Aegis leak first came to light in March
this year when police were conducting an
immigration-related investigation into the
Chinese wife of a JMSDF officer. During the
search they came across the data, which
included the radar and transmission
frequencies of the Aegis system. The officer
wasn't authorized to be in possession of the
data so the investigation was begun.
He apparently came into possession of the
data while swapping pornography with another
JMSDF officer, according to a previous report
in the Yomiuri Shimbun newspaper.
The issue has proved embarrassing for Japan,
which is a close ally of the U.S.
Japan's Defense Minister apologized to his
U.S. counterpart during a visit to
Washington, D.C., earlier this year and in
June during a speech in Tokyo Lieutenant
General Bruce Wright, commander of U.S.
Forces Japan, called the leak "a very serious
security problem."
It's also come at a bad time. Japan is
pushing Washington to allow it access to
technical details of the F22A Raptor, one of
the most technically advanced jets in the
U.S. fleet, as part of its evaluation of the
jet ahead of a possible purchase. The U.S.
has to date not accepted the request.
Data security at Japanese military and
government institutions has been in the
spotlight in the last year. The rapid spread
of viruses on file sharing networks has
served to highlight that many employees and
service personnel run file sharing software
on official computers. The viruses have
caused sensitive documents to be published
and shared with data inevitably ending up on
the Web.
Monster.com
Attacked by Trojans
28 August 07 05:18 AM
During the weekend, as reported by the
security companies Symantec and SecureWorks,
Monster.com, one of the largest recruitment
sites, suffered a security breach in which a
Trojan horse stole more than 1.6 million
records of people registered to the site.
According to a post signed by Symantec
security analyst Amado Hidalgo, the Trojan
horse, called Infostealer.Monstres, appears
to be using the credentials of a number of
recruiters to login to the Web site and
perform searches for resumes of candidates
located in certain countries or working in
certain fields.
The data retrieved by the Trojan are then
used to target Monster.com users with
credible phishing mail that plants more
malware on their machines.
"The Trojan sends HTTP commands to the
Monster.com Website to navigate to the
Managed Folders section. It then parses the
output from a pop-up window containing the
profiles of the candidates that match this
recruiter's saved searches," Hidalgo
explained on Symantec’s blog.
The personal information filched from
Monster.com includes names, e-mail addresses,
home address, phone numbers and resume
identification numbers, said Hidalgo.
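Nothing in this attack, or in the USAJobs heist reported above that rode on it, broke authentication: the Trojan logged in with valid recruiter credentials and walked through search results the way the site intended, only far faster and far wider than a person does. That makes it a behaviour-detection problem on the application side. The following is an added example, not Monster's or Symantec's code: it reads an application access log (the line format and the /recruiter/... routes are assumed for the example), counts candidate-profile views per account in a sliding ten-minute window, and measures how often one view's candidate ID is exactly the previous one plus one, which is what a scripted walk through a result list looks like. The log lines are constructed: one human recruiter and one account driven by a bot.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log line format: "<iso time> <ip> <user> <method> <path> <status>"
PROFILE_RE = re.compile(r"^/recruiter/candidates/profile/(\d+)$")   # assumed route
WINDOW = timedelta(minutes=10)
MAX_PROFILES_PER_WINDOW = 50    # assumed policy: a human recruiter rarely opens more


def parse_line(line):
    ts, ip, user, _method, path, _status = line.split()
    return datetime.fromisoformat(ts), ip, user, path


def flag_scrapers(lines):
    """Accounts whose profile-view pattern looks automated rather than human."""
    per_user = defaultdict(list)
    for line in lines:
        ts, ip, user, path = parse_line(line)
        m = PROFILE_RE.match(path)
        if m:
            per_user[user].append((ts, ip, int(m.group(1))))
    alerts = []
    for user, views in per_user.items():
        views.sort()
        # Largest number of profile views inside any ten-minute span (sliding window).
        peak, start = 0, 0
        for end in range(len(views)):
            while views[end][0] - views[start][0] > WINDOW:
                start += 1
            peak = max(peak, end - start + 1)
        # Share of views whose candidate ID is the previous ID + 1: a walk down a
        # result list, which a person clicking around a search page does not produce.
        seq = sum(1 for a, b in zip(views, views[1:]) if b[2] == a[2] + 1)
        seq_ratio = seq / max(1, len(views) - 1)
        if peak > MAX_PROFILES_PER_WINDOW or (len(views) > 20 and seq_ratio > 0.8):
            alerts.append({
                "user": user,
                "peak_10min": peak,
                "sequential_ratio": round(seq_ratio, 2),
                "ips": sorted({v[1] for v in views}),
            })
    return alerts


def constructed_log():
    """Constructed sample log: a human recruiter plus an account driven by the Trojan."""
    base = datetime(2007, 8, 18, 3, 0, 0)
    lines = []
    for i in range(8):      # human: a search, then one profile, every few minutes
        t = base + timedelta(minutes=7 * i)
        lines.append(f"{t.isoformat()} 198.51.100.23 recruiter_amy GET "
                     f"/recruiter/search?q=java+boston 200")
        lines.append(f"{(t + timedelta(seconds=40)).isoformat()} 198.51.100.23 "
                     f"recruiter_amy GET /recruiter/candidates/profile/{40000 + 37 * i} 200")
    for i in range(300):    # stolen credentials: 300 consecutive profiles in ten minutes
        t = base + timedelta(seconds=2 * i)
        lines.append(f"{t.isoformat()} 203.0.113.9 recruiter_bob GET "
                     f"/recruiter/candidates/profile/{51000 + i} 200")
    return lines


if __name__ == "__main__":
    for alert in flag_scrapers(constructed_log()):
        print(alert)
```

The thresholds are the part you tune: a large agency's shared account can legitimately exceed fifty views in ten minutes, so in practice the rate check is paired with the sequential-ID signal and with a per-account baseline rather than a single global number, and the response is a step-up (re-authentication, temporary throttle) rather than an outright lock.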
Hidalgo also noted that the main file used by
Infostealer.Monstres, ntos.exe, is also
commonly used by Trojan.Gpcoder.E and both
also have a similar icon for the executable
file that reproduces the Monster.com company
logo. Furthermore the code for Gpcoder is
rather similar to that of Monstres, which may
indicate the same hacker group is behind both
Trojans.
Symantec quickly informed Monster.com about
their discoveries and the security company
advises users to protect their identity when
using recruitment sites, or at least limit
their exposure to identity theft, by
limiting the contact information posted on
these sites and never disclosing sensitive
details such as your Social Security number,
passport or driver’s license numbers, bank
account information.
"We are investigating the reports related to
this Trojan and will take any necessary steps
indicated by that investigation," Monster.com
spokesman Steve Sylven said Sunday in an
e-mail.
'Storm' Trojan
horse taps into YouTube fever
Hackers have changed their tactics again
28 August 07 04:17 AM
August 27, 2007 (Computerworld) -- Hackers
bent on spreading the Storm Trojan horse have
changed tactics again and are now trying to
dupe users into clicking on links posing as
YouTube videos, security vendors warn.
Storm, a.k.a. Peacomm and Nuwar, is now
spreading via e-mail that includes a link
that appears to be to a YouTube video, said
Johannes Ullrich, chief research officer at
the SANS Institute, on the Internet Storm
Center's blog this weekend. "The link looks
like a link to YouTube, but actually points
to a 'numeric' URL like old Storm variants,"
said Ullrich. Placing the mouse cursor atop
the bogus YouTube link will show a numeric IP
address rather than the expected
www.youtube.com, a good indicator of a scam
attempt.
Recipients who click on the link see a
message that claims the video is loading in
the background, said Vinoo Thomas, a
researcher at McAfee Inc.'s Avert Labs.
Actually, said Thomas, "an embedded
obfuscated JavaScript routine attempts a
cocktail of browser and application
exploits." If any of those exploits are
successful, Storm gets dropped on the PC.
Over the weekend, Roger Thompson, a
researcher at Exploit Prevention Labs Inc.,
identified the multistrike exploit package as
"Q406 Rollup," a collection that has made the
rounds since late last year. Similar to other
hacker kits such as Mpack, Q406 includes a
dozen or more exploits. Storm's makers have
become well-known for their skill at adapting
their pitches to get users to open attached
files or click on e-mailed links. Last week,
a Symantec Corp. researcher said the group
was "very adept" at creating persuasive
messages.
"They have a knack for latching on to the
latest newsworthy events and capitalizing on
the public interest in them," said Hon Lu.
"And if no newsworthy events are happening at
the time, then they will just make them up."
The Storm Trojan horse, reportedly behind the
summer's plague of malicious greeting card
spam, and the machines it has infected -- by
some accounts a massive botnet -- served as
the launching pad for a huge wave of
pump-and-dump stock scam spam earlier this
month.
German gov't PCs
hacked; China offers to investigate
Trojan horse programs were found on a number
of computers
28 August 07 04:14 AM
August 27, 2007
(IDG News Service) -- Chinese Premier Wen
Jiabao described reports of Chinese hackers
breaking into German computers as a matter of
"grave concern" and said today that his
country will cooperate with Germany to
resolve the matter.
Wen's comments, made during a press
conference with German Chancellor Angela
Merkel in Beijing, were prompted by a report
published two days earlier in the German news
magazine Der Spiegel claiming that Chinese
hackers had been able to infect German
government computers with spyware.
Merkel said that for Chinese relations with
industrialized countries to move ahead,
everyone needs to "respect a set of game
rules" and "protect intellectual property
rights."
Security experts from Germany's Federal
Office for Information Security (BSI) and
Federal Data Protection Office discovered
Trojan horse programs in computers used in
several government ministries, including the
Foreign Ministry, the Ministry of Economics
and the Research and Development Ministry, as
well as Merkel's office, Der Spiegel
reported. Although the first Trojan horse
software was detected in May, there have been
continued attempts to sneak spyware into
government computers via the Internet,
according to the magazine. Security experts
monitoring data traffic were able to stop the
transmission of a 160GB file from a German
ministry to China, but no one would say
whether hackers succeeded in stealing other
files, the magazine reported. The BSI and the
Federal Data Protection Office declined to
comment. A spokesman at the Federal Ministry
of the Interior, while declining to comment on the Spiegel story specifically, said that the federal
government is aware of increased efforts to
steal information from computers in the
private and public sectors. "We are making a
huge effort to ensure that government systems
remain protected from outside attacks," the
spokesman said. "So far, we've been able to
avoid any damage."
Things the folk
checking your infosecurity really don't want to
hear out of you
28 August 07 04:09 AM
http://www.computerworld.com/action/article.do?command=printArticleBasic&articleId=9030360
A child with a chocolate-smeared shirt says, "I
didn't do it." The phone rings, and Mom
assures you, "There's nothing to worry
about." A systems administrator carrying a
box of tapes says, "We'll have everything
back up in a few minutes." Sometimes the
first words you hear -- despite their
distance from the truth -- tell you
everything you need to know.
That's so with information security as well.
Some words sound reassuring at first glance,
but I've found they often point to problems
safeguarding internal information assets and
technical resources, or with the people and
processes that protect them. Here are a few
of the telltale phrases signaling that
security trouble could be boiling over.
"We have a culture of security."
No, you don't.
I hear this most often from enterprises that
started as a five-person mom-and-pop shop,
went corporate as they grew, then blinked and
found themselves operating with a thousand
people and no governance or policies. Three
dollars and their "culture of security" will
get you a fancy cup of coffee in a quiet
cafe, where you can contemplate how much work
there is to do.
The simple fact is that without supporting
directives or a mechanism for feedback,
security is defined differently by each
person and verified by no one. There is no
metric for compliance with a "culture," and a
"culture of security" is overridden by a
culture of "get the job done" every time.
If there are rules, write them down. If
technology is put in place to implement or
monitor the rules, write that down too. If
people break the rules, follow up. If the
rules prevent legitimate business from
getting done, change them. It's that
simple.
Monster.com waited
5 days to disclose data theft
28 August 07 02:59 AM
Monster.com waited five days to tell its
users about a security breach that resulted
in the theft of confidential information from
some 1.3 million job seekers, a company
executive told Reuters on Thursday.
Hackers broke into the U.S. online
recruitment site's password-protected resume
library using credentials that Monster
Worldwide said were stolen from its clients,
in one of the biggest Internet security
breaches in recent memory. They launched the
attack using two servers at a Web-hosting
company in Ukraine and a group of personal
computers that the hackers controlled after
infecting them with a malicious software
program known as Infostealer.Monstres, said
Patrick Manzo, vice president of compliance
and fraud prevention for Monster, in a phone
interview. The company first learned of the
problem on August 17, when investigators with
Internet security company Symantec told
Monster it was under attack, Manzo said. "In
terms of figuring out what the issue was,
that was a relatively quick process," he
said. "The other issue is you want to make
sure exactly what you are dealing with." His
security team spent the weekend
investigating, located the rogue servers, and
got the Web-hosting company to shut them down
some time either late in the evening on
August 20, or early in the morning of August
21, he said. Manzo also said that based on
Monster's review, the information stolen was
limited to names, addresses, phone numbers
and e-mail addresses, and no other details
including bank account numbers were
uploaded.
Half of employers
restrict Facebook
28 August 07 02:57 AM
Half of businesses are restricting employees'
access to social-networking site Facebook,
due to concerns about productivity and
security.
According to research by security company
Sophos, 43 percent of workers polled said
their employer blocks Facebook access
completely. A further 7 percent said access
is restricted depending on whether it's
required for a particular job. "I think it's
a growing concern for employers for a number
of reasons," said Graham Cluley, senior
technology consultant at Sophos. "The most
pressing concern at the moment is one of
productivity...Some people are spending an
inordinate amount of time on nonwork-related
Web sites."
Thieves in U.K.
steal police data server
28 August 07 02:56 AM
One of the private companies that helps
police use mobile-phone networks to track
terror suspects confirmed on Saturday that a
server had been stolen from its office in
Sevenoaks, England.
According to police, the data stored on the
stolen server was of little value. The
company involved, Forensic Telecommunication
Services (FTS), says that the data was
encrypted.
"In the unlikely event that the server was
accessed, none of the data stored on the
server in any way compromises ongoing police
operations," FTS said in a statement sent to The Mail on Sunday. "The information is made up of either
old cases that have passed through the
judicial process, or cases that are already
in the judicial system and so subject to full
disclosure to both defense and prosecution
teams."
Discover security
breach, blame the co-workers?
28 August 07 02:52 AM
IT managers in small and midsize businesses
blame their fellow workers for online
security breaches--despite the fact many
small enterprises still don't enforce Web
usage policies.
More than a fourth of European IT managers in small businesses said they believe that company employees are responsible for security problems, according to research commissioned by security software company Websense.
The most frustrating problem for IT managers
is employee behavior (cited by nearly a third
of managers), followed by security not being
high enough on the corporate agenda and then
budget constraints.