Sunday, September 1, 2002
U.S. officials reportedly are preparing for possible hack attacks by Chinese individuals,
groups and government, according to published reports. Security officials told NewsFactor
they are watching for activity related to last year's conflict between American and
Chinese hackers. [NewsFactor Cybercrime & Security]
23:59
Even as bills are introduced in the U.S. legislature that call for more severe penalties
for those who break into computer systems, causing monetary damage and potentially
putting people at risk, high-profile teen hacker cases persist.
While analysts cannot pinpoint exactly how teens find their way into heavily guarded government and enterprise computer systems, they pointed to several factors that often aid teen vandals more than adult perpetrators. These factors include easy-to-use scripting toolkits, readily available information and abundant time to learn new skills.
"What you're finding today is that young adults are able to look at Web sites, pick up very sophisticated tools and have the ability to run them," Symantec (Nasdaq: SYMC) Security Response senior director Vincent Weafer told NewsFactor.
Incidents on the Rise
More than 26,000 computer intrusion incidents were reported in the first three months of this year to the Coordination Center of the Computer Emergency Response Team (CERT) at Carnegie Mellon University in Pittsburgh, Pennsylvania. That number surpasses the total for all of 2000.
According to the National Infrastructure Protection Center and security analysts, prefabricated scripting programs that can create viruses and other harmful code without requiring much computer knowledge have enticed teens to give cybercrime a test drive.
[NewsFactor Cybercrime & Security]
23:56
When hackers electronically invaded state computers in April, they got access to
information that included the Social Security numbers of virtually every one of the
265,000 people on California's payroll. [NewsFactor Cybercrime & Security]
23:49
Worldwide software piracy rose 3 percent last year, with two of every five software programs around the globe illegally obtained, a trade group said Monday.
In its seventh annual survey, the Business Software Alliance noted that the global economic impact of pirated software totaled nearly US$11 billion last year.
The study found an increase in pirated software for a second year in a row, placing Vietnam and China at the top of the charts with 94 and 92 percent, respectively, of all software obtained illegally. Indonesia, the Ukraine, Russia, Pakistan, Lebanon, Qatar, Nicaragua and Bolivia rounded out the top 10 countries in terms of piracy rates, though all but Nicaragua saw a drop from the previous year.
According to the study, the United States had a 25 percent rate of pirated software -- an increase of 1 percent from 2000. Losses as a result of U.S. software piracy totaled $1.8 billion, down from $2.6 billion in 2000.
[NewsFactor Cybercrime & Security]
I can think of no scientific way to get these numbers.
23:47
A new method that uses a network of small programs to protect software from being cracked and distributed illegally over the Internet is under development at Purdue University.
Researchers and a startup venture born out of the work -- Arxan Technologies -- are touting the technique as a replacement to the single point of failure software pirates use to compromise programs for distribution.
"Normally, you have a single point of failure in the code," Arxan senior vice president of development and marketing Donna Jeker told NewsFactor. "It often comes down to a single line of code. We make it into hundreds of security units that are sprinkled throughout the program." [NewsFactor Cybercrime & Security]
23:45
Credit card holders can now check to see whether thieves are attempting to use their account numbers. The new service, available to all credit card holders, is available at CardCops.com.
Backers of the new service said the site is aimed at closing the gap between when a card is stolen and when the theft is reported.
"I think it's going to be a tool to help the public feel better about putting their credit card numbers on the Internet," CardCops chief executive officer Dan Clements told NewsFactor.
[NewsFactor Cybercrime & Security]
23:44
Intelligence and defense officials are reportedly skeptical of potential terrorists'
technical ability to launch a cyber attack. However, according to published reports, the
United States has uncovered an Internet trail left by al Qaeda operatives. [NewsFactor Cybercrime & Security]
23:41
A slew of federal, state and other government agencies announced Tuesday that they had joined forces to bring civil and criminal charges against 19 Internet scammers who have allegedly bilked millions of dollars from thousands of users.
The online operations ranged from bogus work-at-home offers to Internet auctions and Web hosting services, according to the group known as the Midwest Netforce, which includes the U.S. Federal Trade Commission, the Federal Bureau of Investigation, the U.S. Postal Inspection Service, the Securities and Exchange Commission, and law enforcement officials from 11 Midwest states.
"It's certainly one of the biggest operations of its kind," FTC Midwest region director Steve Baker told NewsFactor. "There have been bigger ones, but this is definitely right up there."
Action on Auctions
Baker said the biggest source of complaints regarding Internet scams, by far, is auctions.
"There are so many people doing Internet auctions -- a tiny fraction of them are crooks," Baker said. "Unfortunately, there's quite a bit of it."
Typical auction fraud exposed in the latest sweep involved advertising and selling merchandise, then failing to provide the merchandise to the winning bidder after receiving payment. Baker said the law enforcement actions ranged from search warrants and criminal indictments to civil actions and settlements. [NewsFactor Cybercrime & Security]
23:36
Based on details gleaned from internal Federal Bureau of Investigation memos and documents, the Electronic Privacy Information Center (EPIC) said its concerns over the Carnivore surveillance system have been confirmed. The watchdog organization obtained the documents through the Freedom of Information Act (FOIA), a lawsuit and a recent court order.
An internal FBI e-mail dated April 5, 2000, indicated that Carnivore, an e-mail sniffing software application used by the FBI, had collected nontargeted e-mail. In response to Carnivore's overzealousness, the FBI section responsible for investigating Osama bin Laden threw out an entire batch of Carnivore-collected e-mail, including e-mail regarding a court-authorized investigation target.
"We think it is confirmation that there are real risks to this kind of general search and surveillance method," EPIC legislative counsel Chris Hoofnagle told NewsFactor. "What's most troubling, and what's in the memo, is that the FBI cannot manage its own Foreign Intelligence Surveillance Act (FISA) efforts."
[NewsFactor Cybercrime & Security]
23:21
Security experts estimate that as few as 3 percent of cell phone and other
wireless-device users are protected by antivirus software, but, as it turns out, there is
not yet much interest in creating worms for mobile devices. Even so, Yankee Group senior analyst Anil Phull told Wireless NewsFactor
that mobile devices are more likely to be targeted by virus writers in the future. [NewsFactor Cybercrime & Security]
Another wireless virus FUD. I guess we will manage to get this into a self-fulfilling prophecy. See also "Mobile Viruses?"
23:15
All it took for Tim Lloyd to destroy more than 1,000 of his employer's programs was about a
half-dozen lines of code. Such a situation is every business' worst fear: that employees
could betray their trust and attack their computer systems from the inside. "In most
organizations, there is the genuine desire to trust your employees. It's just easier to
deal with the world if you think you can trust them," Eric Hemmendinger, information
security analyst at the Aberdeen Group, told NewsFactor. "But that is not always the case." [NewsFactor Cybercrime & Security]
23:06
A former Charlotte County Commission (Florida) candidate is now serving two years in the Marion Correctional Institute for committing the most common form of online fraud -- Internet auction scams.
A jury found Richard L. Lewis, 47, guilty of five counts of communications fraud, five counts of grand theft and one count of organized fraud.
He is one of the first in Southwest Florida to be convicted of committing crimes in cyberspace -- an outlet for communication that saw 16,775 fraud complaints filed nationwide with the Internet Fraud Complaint Center in 2001, totaling $17.8 million in losses.
[NewsFactor Cybercrime & Security]
23:01
Yahoo! (Nasdaq: YHOO) claimed responsibility for serving "espresso" in e-mails that actually said "mocha," calling the word changes on its service a byproduct of aggressive security against hackers.
The company's e-mail filtering goes beyond other efforts to sift out words that are also code commands -- such as "mocha" for Java or "eval" in other programming languages. The practice has resulted in altered inbound e-mail messages.
"Yahoo's is the first case I'm aware of where they're modifying the actual text of the letter to get a better security stance," SecurityFocus senior threat analyst Ryan Russell told
[NewsFactor Cybercrime & Security].
23:00
In a never-ending search for con artists, software pirates and digital thieves, U.S. companies with billions of dollars at stake are spending time and resources to curb
infringement and catch perpetrators. Their tactics may include scanning the Internet and Web sites for pirated materials, or tracking user registration and behavioral data in search of repeated fraudulent patterns. [NewsFactor Cybercrime & Security]
A private, secret police. Not a good thing for democracy.
22:56
The word "piracy" used to conjure up images of marauders on the high seas, with skull-and-crossbones flag flapping above a battered -- yet potentially deadly -- vessel. Today's pirates, on the other hand, tend to steal software. They may not have knives in their teeth, but there is ill-gotten booty in their holds nonetheless.
Although it is difficult to track the amount of revenue lost to piracy, many software companies and analysts claim the problem is growing -- and draining increasing amounts of revenue from business coffers.
[NewsFactor Cybercrime & Security]
22:53
In the few years since the Internet has become an important venue for commerce, communications and entertainment, so-called cybercops have tried to impose a variety of rules, regulations and guidelines to protect the interests of consumers and businesses.
Unfortunately, however, no mechanism yet exists to enforce such initiatives.
[NewsFactor Cybercrime & Security]
22:41
Police in Rhineland-Palatinate have caught a suspected 0190 fraudster. The man had apparently sent forged payment reminders by fax throughout Germany. His aim: to induce the recipients to call back on an expensive 0190 number. During a search of his home, the police seized extensive evidence.
Dozens of business people, mainly in the Bavarian-Swabian region but also in other federal states, were astonished when, a good two weeks ago, payment reminders from a supposed "Landesobergerichtsvollzugsstelle" landed on their doorsteps. Citing a whole string of statutory paragraphs, the "L.O.V.", supposedly based in Augsburg, demanded an outstanding amount of more than 800 euros. In addition, an impending visit from the bailiff was announced.
The supposed "Vollzugsstelle" pointed out several times in its faxes, however, that it was available for telephone enquiries, namely on the number "019083/4897". This was a rather poorly disguised 0190 number that costs €1.86 per minute to call. The letter gave no indication of the charges. Nevertheless, many of the recipients became suspicious and enquired, using the "real" number, with the Augsburg judicial authorities. They immediately informed the public prosecutor's office, which in turn opened an investigation for attempted fraud.
What the suspected fraudster did not reckon with: the number operators proved highly cooperative in handing over their customer's data. In fact, it then took only a few days before the investigators could strike. In Bad Sobernheim in Rhineland-Palatinate, the home of a 21-year-old has now been searched, with success. The investigators found not only matching stamps and fax templates but also a computer, a fax machine and a device for distorting the voice on the telephone. As it turned out, the suspect had not only tried to cheat unsuspecting business people as the "Vollzugsstelle" but had also operated under various other names. Moreover, it could not be ruled out that he not only wanted to make money via 0190 numbers but in several cases actually had money transferred to his account, it was said. The investigations, currently running at several public prosecutor's offices across Germany, are now to be consolidated at the public prosecutor's office in Bad Kreuznach. What damage the 21-year-old caused was initially unclear. [dialerschutz.de]
21:03
Despite occasional but high-profile security breaches, shoppers have not been turned off by the Web experience. Experts say the chances of being financially victimized online are low because of built-in consumer protection and heightened security awareness. However, analysts' consensus is that e-businesses still need to be concerned about a general sense of skittishness among online shoppers.
GartnerG2 research director Richard Mogull said the findings of recent Gartner surveys point to worries about security and privacy -- even among people who are regular Internet users -- that could pose problems down the road if not addressed.
"The numbers were stunning," Mogull told the E-Commerce Times. "Consumers are concerned, and it could come to the point where it inhibits e-business."
[NewsFactor]
10:08
Surveillance firm's client list is stolen and posted on Internet; undercover police officers, Secret Service names revealed
Computer intruders have allegedly broken into the online files of a Florida company that provides surveillance technology to the U.S. military, federal agencies and local police forces, and posted confidential information, including the names and e-mail addresses of undercover police officers on a public Web site, MSNBC.com has learned. [MS NBC]
10:05
An Internet stalker is haunting the porn industry.
In recent months, blue-movie luminaries have received dozens of e-mails, from aliases like "zodiac_killer" and "pornhater2002," filled with racial epithets and grisly descriptions of murder and torture. [Wired News]
10:02
by the Berkman Center for Internet & Society Harvard Law School The authors list below selected sites tested by users of the Real-Time Testing system and found to be inaccessible in China. For details about the significance of this finding and its proper interpretation, see the FAQ. The system excludes from reporting certain sites for which accessibility from China remains uncertain. An eclectic collection of sites. Includes the ones you would expect and some schools and even sourceforge.net [Privacy Digest]
Nice piece of research. One of the few attempts to do experimental law research - a thing which I love. My dream would be a 'center for experimental crime research' :-)
9:54
Citing the "compelling, credible testimony" of ex-hacker Kevin Mitnick, state officials urged Nevada regulators to force a series of dramatic security reforms on Las Vegas telephone company Sprint of Nevada last week, as final arguments were filed in the case of an in-room adult entertainment operator who believes he's being driven out of business by phone hackers.
[The Register]
A very long running (since 1994) very strange case.
9:49
Suelette Dreyfus tries to find out who is actually breaking into Australian computer systems.
9:46
Washington, DC - The Electronic Frontier Foundation (EFF) and eleven other consumer and privacy groups today sided with Verizon in its struggle to protect customer privacy. The groups urged a federal court to prevent the Recording Industry Association of America (RIAA) from forcing Internet Service Provider Verizon to identify a customer the RIAA has accused of offering infringing music on a peer-to-peer system. "The court should require careful judicial consideration of facts supporting any accusations and hear the other side of the story before violating the privacy of an Internet user," said EFF Legal Director Cindy Cohn. "The RIAA asked the court to throw a long history of protection of anonymous speech out the window as soon as someone suspects copyright infringement on a peer-to-peer system." EFF, along with over a dozen other groups, including the National Consumers League, Electronic Privacy Information Center, Media Action Project, Computer Professionals for Social Responsibility, and the nation's oldest general farm organization The Grange, filed a "friend of the court" brief urging that the same strong protections that apply for anonymous speech in other contexts also apply for claims of copyright infringement. [Privacy Digest]
9:41
SAN FRANCISCO--Earlier this year, a few California scuba divers found out just how far the long arm of the law can reach since Sept. 11. Federal agents concerned about scuba-related terrorist plans requested the entire database of the Professional Association of Diving Instructors. Unbeknownst to most of its members, the organization voluntarily handed over a list of more than 100,000 certified divers worldwide, explaining later that it wanted to avoid an FBI subpoena that would have required far more information to be disclosed. Cindy Cohn, an attorney with the Electronic Frontier Foundation and a diver listed in the database, was livid after learning of the incident. Such concerns resonate with particular volume in this liberal city where the EFF is based, which has a long history of protesting government intrusion. "You participated in creating an FBI file on me and all the rest of your customers, loyal Americans who have done nothing wrong and who now face the process of increased surveillance by virtue of the fact that we did business with you," Cohn wrote in a letter to the Southern California-based divers association. Since Sept. 11, databases containing information on tens of thousands of ordinary people have found their way into the hands of federal investigators hungry for any scraps of data that might serve as leads in terrorism investigations. Grocery shopping lists, travel records and information from other, more public databases have all been caught in the government's antiterrorism net. [ ... ] Libraries also have concerns about the Patriot Act, particularly provisions that lower the standards for obtaining patron records. Under one portion of the law, federal agents need only a search warrant--which requires immediate release of the records--and no longer have to show that they might find evidence of a crime [ ... ] Of 1,026 libraries surveyed by the American Library Association earlier this year, 85--or 8.3 percent--had received Sept. 
11-related requests for records from government agents. [Privacy Digest]
9:37
Maximillian Dornseif, 2002.